This page has been robot translated, sorry for typos if any. Original content here.

how to become a hacker in 15 minutes

Attention! This material, like all the others, was created in order to show the lazy administrators of WEB-servers to the most common holes that they are too lazy to plug (although this is their direct responsibility). And precisely because of their laziness, any person in 15 minutes can break their server.

You do not know how to roller skate - the last attempt ended with the fact that you broke both legs on a parapet too high. You do not know how to write programs - your first and last program, written on Norton Commander, killed you the motherboard and burned the monitor. You do not understand the music - still think that Marilyn Manson is a member of the group Spice Girls? And you know Rodriguez just because he will live for a long time? From all this it follows that they do not give you disastrously. It's a shame, but it's easy to fix - become a hacker.

You will need an IRC client (take any, you only have to execute a couple of commands), and also on in the section "rhino9-products" take a program called Grinder - it searches for the file specified by you in the IP range and shows the rights on him. You also need John the Ripper (any search engine will give you a billion links to it). And in square brackets I will indicate what should be written.

What are we going to break? The system of that idiot who, receiving a salary for the protection of the server, does not do a damn for this protection. Read carefully and teach - this paragraph you will vparivat girls at parties. There is such a thing - cgi-scripts, why they are needed and how they are arranged, to explain for too long and not at all. And one of the very first errors found in these scripts was the so-called. phf bug, a phf script error that allows a remote user to execute any unix commands on a web server. The error was found back in '96, but you will not believe, there are still enough servers that have not heard about it! Well, there is an old Russian proverb - "Thunder does not break out - the peasant will not cross."

Launch the IRC client and connect to any server (just don’t even think of doing what the IRC was created for - chatter, otherwise it will take the rest of your days and money on the account).

The worst protection is always on large university servers, the software has not been updated there for years, and administrators have drunk so much beer that they simply forgot that bugs should be fixed at least sometimes.

Therefore, feel free to enter the command [/ who * .edu].

Before you is a list of users who use the university server to access the Internet.

OK, take any user (better than the first one), for example, Jagaast 2 Jagaast Iz'Merl (*).

User Jagaast does not yet know what exactly he will be Pavlik Morozov, but I think he will die in ignorance.

The next command is [/ dns Jagaast].

This way you recognize its IP (for example,

Now run Grinder, it prompts you to look for the file /index.htm[r1].

Why do we need this file? We erase in FIG and instead write [/ cgi-bin / phf.cgi] and the IP range from to (for those in the tank, this is the range that our Jagaast falls into).

We wait...

There are two options:
First: Grinder writes URL found.
The second is everything else. Guess which option is more favorable?

Here, if found, remember (write down the address where it was found (for example, and rush to the browser. In the browser window, erase your favorite inscription

[ Downloads / ???? €? ¦ /Xakep/hack5/tppmsgs/msgs0.htm#40
[ Downloads / РЎР¦С € Р¦ /Xakep/hack5/tppmsgs/msgs0.htm#41?Qalias=ya/bin/cat / etc / passwd].

Oh God, what is it? !! The passwd file right in your browser window! That's all you need, save it and put it right in the hands of old John (who is The Ripper). After reading, you figure out what to do there, it's not so difficult.