how to become a hacker in 15 minutesAttention! This material, like all the others, was created in order to show the lazy administrators of WEB-servers to the most common holes that they are too lazy to plug (although this is their direct responsibility). And precisely because of their laziness, anyone in 15 minutes can break their server.
You do not know how to roller skate - the last attempt ended with the fact that you broke both legs on a parapet too high. You do not know how to write programs - your first and last program, written on Norton Commander, killed you motherboard and burned the monitor. You do not understand the music - still think that Marilyn Manson is a member of the group Spice Girls? And you know Rodriguez just because he will live for a long time? From all this it follows that they do not give you disastrously. It's a shame, but it is easy to fix - become a hacker.
You will need an IRC client (take any, you only have to execute a couple of commands), and also on ftp.technotronic.com in the "rhino9-products" section take a program called Grinder - it searches for the file specified by you in the IP range and shows the rights on him. You also need John the Ripper (any search engine will give you a billion links to it). And in square brackets I will indicate what to write.
What are we going to break? The system of that idiot who, receiving a salary for the protection of the server, does not do a damn for this protection. Read carefully and teach - this paragraph you will vparivat girls at parties. There is such a concept - cgi-scripts, why they are needed and how they are arranged, to explain for too long and not at all. And one of the very first errors found in these scripts was the so-called. phf bug, a phf script error that allows a remote user to execute any unix commands on a web server. The error was found back in '96, but you will not believe, there are still enough servers that have not heard about it! Well, there is an old Russian proverb - "Thunder does not break out - a peasant will not cross."
Launch the IRC client and connect to any server (just don’t even think about doing what the IRC was created for - chatter, otherwise it will take the rest of your days and money on the account).
The worst protection is always on large university servers, the software has not been updated there for years, and the administrators are so full of beer that they simply forgot that bugs have to be fixed at least sometimes.
Therefore, feel free to enter the command [/ who * .edu].
Before you is a list of users who use the university server to access the Internet.
OK, take any user (better than the first one), for example, Jagaast email@example.com: 2 Jagaast Iz'Merl (*).
User Jagaast does not yet know what exactly he will be Pavlik Morozov, but I think he will die in ignorance.
The next command is [/ dns Jagaast].
This way you recognize its IP (for example, 184.108.40.206).
Now run Grinder, it prompts you to look for the file /index.htm[r1].
Why do we need this file? We erase in FIG and instead write [/ cgi-bin / phf.cgi] and the IP range from 220.127.116.11 to 18.104.22.1686 (for those in the tank, this is the range that our Jagaast falls into).
There are two options:
First: Grinder writes URL found.
The second is everything else. Guess which option is more favorable?
Here, if found, remember (write down the address where it was found (for example, 22.214.171.124)) and rush to the browser. In the browser window, erase your favorite inscription
[http://content.mail.ru/My Downloads / ???? €? ¦ /Xakep/hack5/tppmsgs/msgs0.htm#40
[http://content.mail.ru/My Downloads / РЎР¦С € Р¦ /Xakep/hack5/tppmsgs/msgs0.htm#41?Qalias=ya/bin/cat / etc / passwd].
Oh God, what is it? !! The passwd file right in your browser window! That's all you need, save it and put it right in the hands of old John (who is The Ripper). After reading, you figure out what to do there, it's not so difficult.