1. How do I access the password file under Unix?
In standard Unix the password file is /etc/passwd. On a Unix system
with either NIS/yp or password shadowing, much of the password data
may be elsewhere.
2. How do I crack Unix passwords?
Contrary to popular belief, Unix passwords cannot be decrypted. Unix
passwords are encrypted with a one way function. The login program
encrypts the text you enter at the "password:" prompt and compares
that encrypted string against the encrypted form of your password.
Password cracking software uses wordlists. Each word in the wordlist
is encrypted with each of the 2600 possible salt values and the
results are compared to the encrypted form of the target password.
The best cracking program for Unix passwords is currently Crack by
Alec Muffett. For PC-DOS, the best package to use is currently
CrackerJack.
3. How do I access the password file under VMS?
Under VMS, the password file is SYS$SYSTEM:SYSUAF.DAT. However,
unlike Unix, most users do not have access to read the password file.
4. How do I crack VMS passwords?
Write a program that uses the SYS$GETUAF functions to compare the
results of encrypted words against the encrypted data in SYSUAF.DAT.
Two such programs are known to exist, CHECK_PASSWORD and
GUESS_PASSWORD.
NIS (Network Information System) in the current name for what was once
known as yp (Yellow Pages). The purpose for NIS is to allow many
machies on a network to share configuration information, including
password data. NIS is not designed to promote system security. If
your system uses NIS you will have a very short /etc/passwd file with
a line that looks like this:
+::0:0:::
To view the real password file use this command "cd/etc;ypcat passwd"
6. What is password shadowing?
Password shadowing is a security system where the encrypted password
field of /etc/password is replaced with a special token and the
encrypted password is stored in a seperate file which is not readable
by normal system users.
To defeat password shadowing on many systems, write a program that
uses successive calls to getpwent() to obtain the password file.
Example:
#include <pwd.h>
main()
{
struct passwd *p;
while(p=getpwent())
printf("%s:%s:%d:%d:%s:%s:%sn", p->pw_name, p->pw_passwd,
p->pw_uid, p->pw_gid, p->pw_gecos, p->pw_dir, p->pw_shell);
}
7. How do I break out of a restricted shell?
On poorly implemented restricted shells you can break out of the
restricted environment by running a program that features a shell
function. A good example is vi. Run vi and use this command:
:set shell=/bin/sh
then shell using this command:
:shell
8. How do I gain root from a suid script or program?
1. Change IFS.
If the shell script calls any other programs using the system()
function call, you may be able to fool it by changing IFS. IFS is the
Internal Field Seperator that the shell uses to delimit arguments.
If the program contains a line that looks like this:
system("/bin/date")
and you change IFS to '/' the shell will them interpret the
proceeding line as:
bin date
Now, if you have a program of your own in the path called "bin" the
suid program will run your program instead of /bin/date.
To change IFS, use this command:
set IFS '/'
2. link the script to -i
Create a symbolic link named "-i" to the program. Running "-i"
will cause the interpreter shell (/bin/sh) to start up in interactive
mode. This only works on suid shell scripts.
Example:
% ln suid.sh -i
% -i
#
3. Exploit a race condition
Replace a symbolic link to the program with another program while the
kernel is loading /bin/sh.
Example:
nice -19 suidprog ; ln -s evilprog suidroot
4. Send bad input the the program.
Invoke the name of the program and a seperate command on the same
command line.
Example:
suidprog ; id
9. How do I fake posts to UseNet?
Use inews to post. Give inews the following lines:
From:
Newsgroups:
Subject:
Message-ID:
Date:
Organization:
For a moderated newsgroup, inews will also require this line:
Approved:
Then add your post and terminate with <Control-D>.
Example:
From: Dale Drew
Newsgroups: alt.2600
Subject: Please forgive me
Message-ID: <d_drew.123@tymnet.com>
Date: Fri, 13 Jun 1994 12:15:03
Organization: Tymnet Insecurity
When a coin is inserted into a payphone, the phone emits a set of
tones. A red box is a device that simulates those tones, with the
purpose of fooling the payphone into believing you have inserted an
actual coin.
Red boxes are commonly manufactured from modified Radio Shack tone
dialers, Hallmark greeting cards, or made from scratch from readily
available electronic components.
To make a Red Box from a radio shack tone dialer, open the dialer and
replace the crystal (the largest shiny metal component) with a crystal
close to 6.5Mhz. The most popular choice is the 6.5536Mhz crystal.
When you are finished, program the P1 button with five *'s. That will
simulate a quarter tone. Note that the tone dialer you start with
must have programmable buttons.
12. Which payphones will a Red Box work on?
Red Boxes will work on TelCo owned payphones, but not on COCOT's
(Customer Owned Coin Operated Telephones).
Blue boxes use a 2600hz tone to convince telephone switches that use
in-band signalling that the caller is actually a telephone operator.
The caller may then access special switch functions, with the usual
purpose of making free long distance phone calls, using the
Multi-Frequency tones provided by the Blue Box.
Blue Boxes still work in areas using in-band signalling. Modern phone
signalling switches using ESS (Electronic Signalling Systems) use
out-of-band-signalling. Nothing you send over the voice portion of
bandwidth can control the switch.
A Black Box is a 10k ohm resistor placed across your phone line to
cause the phone company equipment to be unable to detect that you have
answered your telephone. People who call you will then not be billed
for the telephone call.
16. What are some IRC channels of interest to hackers?
#hack
#phreak
#linux
#unix
#warez
17. How do I hack ChanOp on IRC?
Find a server that is split from the rest of IRC and create your own
channel there using the name of the channel you want ChanOp on. When
that server reconnects to the net, you will have ChanOp on the real
channel. If you have ServerOp on a server, you can cause it to split
on purpose.
18. How do I modify the IRC client to hide my real username?
Get the IRC client from cs.bu.edu /irc/clients. Look at the source
code files irc.c and ctcp.c. The code you are looking for is fairly
easy to spot. Change it. Change the username code in irc.c and the
ctcp information code in ctcp.c. Compile and run your client.
19. What is a ringback number?
A ringback number is a number that you call that will immediately
ring the telephone from which it was called.
A loop is two phone numbers connected together by the phone company
for testing purposes. A loop has a high end and a low end. If you
dial the high end, you will hear nothing. Not even a ring. If you
dial the low end, you will hear an annoying 1,000hz tone for several
seconds. If you connect to the high end and someone dials the low
end, you can speak to each other.
21. What is a trojan/worm/virus?
Trojan: A program that when run by a user does an action that the
users did not expect, or the program was not designed to do.
Virus: A portion of code that attaches it self to other executable
files in the attempt to replicate and spread itself.
Worm: A stand alone program that acomplishes a task in the
background by replicating and moving though a computer
network.
Warning: Trying to access array offset on value of type null in /home/u313694809/domains/interviewquestionsanswers.org/public_html/subcategoryLive.php on line 488
Ethical Hacking is when a person is allowed to hacks the system with the permission of the product owner to find weakness in a system and later fix them.
To every device IP address is assigned, so that device can be located on the network. In other words IP address is like your postal address, where anyone who knows your postal address can send you a letter.
25. What is MAC (Machine Access Control) address?
A MAC address is a unique serial number assigned to every network interface on every device. Mac address is like your physical mail box, only your postal carrier (network router) can identify it and you can change it by getting a new mailbox (network card) at any time and slapping your name (IP address) on it.
