[Chaos-Knoten]12. Chaos Communication Congress '95


Hacking for Beginners

by Michael Diel [m.diel@link-goe.zerberus.de] and Anke Scholz [anke.scholz@link-goe.zerberus.de]

The most important message first: system administrator is no longer our favourite profession. After attending this workshop, we no longer believe it is the favourable profession, compared to astronaut or conductor. At least this was the impression the about 40 people must have had that at the workshop "Hacking for Beginners - Security Leaks in UNIX-Systems, Basic Knowledge" lead by Jens Ohlig and Andreas Bogk.

Like most other operating systems, UNIX was not programmed with security problems in mind. The existance of programms such as SATAN, CRACK, ISS and similar tools shows how many security leaks can be found in this prominent campus operating system.

The speakers, both at the onset of their university-career, presented their "favourite leaks" or "leaks of the month".

A hacker will always aim for the password-file of a UNIX-System, trying to transfer it to his home-system. He can then take time to decode the encoded passwords included in the file. Large dictionaries, which are available from all main public ftp servers, can be of fast help in connection with automatic encoding-programms, which allow several special options. "With a large dictionary, you can test about 500.000 words per minute - everything from Kisuaheli through Dutch."

The unwanted traveller in data-space may now access the system with a fake identity. In the worst case, he gains root access, which gives him total control over all system resources.

Apart from password-"hacking", it is possible to "listen in" on other people's systems communication. With the aid of the programme X-KEY, the systemadministrator's lunchbreak can consequently become a hacker's grand diner when working on an X-WINDOWS-server. In the worst case, the intruder will have gained access to the foreign system at this point.

Accessing a system without a password is more elegant of course. In this case, the hacker needs to know which trustee-chain the targeted system belongs to, meaning which other servers allow him to access without passing a password request.

A straight attack must be used if this indirect path is blocked: the transfer of commands which can be "equiped" with parameters that disable the password request. A bug in the telnet-programme - for Andreas Bogk his personal "bug of the month" - is such a leak in the internet.

The general rules are: never work under your own ID, always under somebody else's. (Naturally, you will be quick to aid a fellow student change his or her password...) Worth a look are the orphaned accounts which exist in each system due to a lax system setup or an inediquate system maintanance.

The ugly duckling in the last corner may then become gorgeous woman happily requested by computerhackers, which enjoy the undisturbed and creative working environment.

The traveller may receive devillishly easy help from the programme SATAN, which allows the user to find the loopholes in the security system with a simply click of the mouse.

Once a hacker has gained access to another system, some general information is important: which operating system is used in which version, which systemconfigurations are set, etc.

When "the deed is done", a computer expert should not leave any traces. This requires the deletion of any existing history- or logfiles.

Finally, the two young speakers again mentioned the dangers of the "creative handling of security leaks". "All this is illegal. We have never tried it ourselves and we do not advise you to do so!"

Those interested should have a basic knowledge of UNIX or acquire such by working at least half a year with their home-based LINUX installation.

Further information can be obtained fron several www-servers, e.g. the Computer Emergency Response Team Server of the Deutsche Forschungsnetz at www.cert.dfn.de or other CERT servers around the world.

Translation:
Anke Scholz
Literature:
Jens and Andreas recommend all books published by O'Reilly, "Illuminatus!" by Robert Shea and Robert Anton Wilson (neccessary to get into the required state of paranoia) as well as the content of the mailinglists "bugtraq" and "8lgm" (eight little green men). The necessary software (SATAN, COPS, ISS, CRACK, etc.) might be obtained via ftp from ftp.win.tue.nl or ftp.cert.dfn.de.
Adresses:
Jens Ohlig [jens@aerospace.zerberus.de] or at his www home page
Andreas Bogk [mailto:andreas@artcom.de]


Michael Rademacher, 27.12.1995
Archived page - Impressum/Datenschutz