how to become a hacker in 15 minutesAttention! This material, like all the rest, was created in order to show the lazy administrators of WEB servers to the most common holes that they are too lazy to plug (although this is their direct responsibility). And it is precisely because of their laziness that any person can break their server in 15 minutes.
You don’t know how to roller skate - the last attempt ended with breaking both legs on a too high parapet. You do not know how to write programs - your first and last program, written in Norton Commander, killed your motherboard and burned the monitor. You don’t understand music - still think that Marilyn Manson is a member of Spice Girls? And you know Rodriguez only because he will live for a long time? From all this it follows that they disastrously do not give you. It's a shame, but it's easy to fix - become a hacker.
You need an IRC client (take any, you only need to execute a couple of commands there), and on ftp.technotronic.com in the "rhino9-products" section, take a program called Grinder - it looks for the file you specified in the IP range and shows the rights on him. You also need the Unix password picker John the Ripper (any search engine will give you a billion links to it). And in square brackets I will indicate what needs to be written.
What are we going to break? The system of that moron who, receiving a salary for server protection, doesn’t do a damn thing for this very protection. Read carefully and teach - this paragraph you will vparivat girls at parties. There is such a thing - cgi-scripts, why they are needed and how they are arranged are too long to explain and not necessary. And one of the very first errors found in these scripts was the so-called. phf bug, phf script error that allows remote users to execute any Unix commands on the web server. The error was found back in '96, but, you will not believe it, there are still enough servers that have not heard about it! Well, there is an old Russian proverb - "Thunder will not strike - a man will not cross himself."
Launch the IRC client and connect to any server (just don’t try to do what the IRC was created for - for chatter, otherwise this chatter will take the rest of your days and money in the account).
The worst protection is always on large university servers, the software has not been updated there for years, and admins are so drunk with beer that they just forgot that bugs need to be fixed at least sometimes.
So feel free to enter the command [/ who * .edu].
Here is a list of users using a university server to access the Internet.
OK, take any user (better than the first) that comes across, for example, Jagaast email@example.com: 2 Jagaast Iz'Merl (*).
User Jagaast does not yet know that he will be Pavlik Morozov, but I think he will die in ignorance.
The next command is [/ dns Jagaast].
This will let you know its IP (for example, 126.96.36.199).
Now run Grinder, it offers you to search for the file /index.htm[r1].
Why do we need this file? We erase it in FIG and instead write [/ cgi-bin / phf.cgi] and the IP range from 188.8.131.52 to 184.108.40.2066 (for those in the tank, this is the range that our Jagaast falls into).
There are two options:
First: Grinder writes the URL found.
The second is everything else. Guess which option is more favorable?
Now, if found, remember (write down the address where it was found (for example, 220.127.116.11)) and rush to the browser. Erase your favorite text in the browser window
[http://content.mail.ru/My Downloads / ??? ¦? €? ¦ /Xakep/hack5/tppmsgs/msgs0.htm#40
[http://content.mail.ru/My Downloads / РЎР¦С € Р¦ /Xakep/hack5/tppmsgs/msgs0.htm#41?Qalias=я/bin/cat / etc / passwd].
Oh god what is this ?! The passwd file is right in your browser window! That's all you need, save it and put it right in the hands of old John (who is The Ripper). After reading, you will understand what to do there, it is not so difficult.