This page has been robot translated, sorry for typos if any. Original content here.

how to become a hacker in 15 minutes

Attention! This material, like all the rest, was created to show obfuscated administrators WEB-servers on the most common holes, which they laziness to plug (although this is their direct duty). And it is because of their laziness that any person in 15 minutes can break their server.

You do not know how to roller-skate - the last attempt was that you broke both your legs on a too high parapet. You do not know how to write programs - your first and last program written on Norton Commander, killed your motherboard and burned the monitor. You do not understand music - do you still think that Marilyn Manson is a member of the Spice Girls band? And you know Rodriguez just because he will live for a long time? From all this it follows that you are not given catastrophically. It's a shame, but it's easy to fix - become a hacker.

You will need an IRC client (take any, you only need to execute a couple of commands there), and also on in the "rhino9-products" section, take the program called Grinder - it looks for the file specified by you in the IP range and shows the rights on him. Also you need a selector of Unix passwords John the Ripper (any search engine will give you a billion links to it). And in square brackets I will indicate that I must write.

What are we going to break? The system of that moron, who, receiving a salary for protecting the server, does not do a damn for this very protection. Read carefully and teach - this paragraph you will vparivat girls at parties. There is such a thing - cgi-scripts, why they are needed and how they are arranged, too long to explain and not necessarily. And one of the very first mistakes found in these scripts was the so-called. phf bug, a phf script error that allows any user to execute any Unix commands on the web server. The error was found back in 96, but, you will not believe, there are still enough servers that did not hear about it! Well, there is an old Russian proverb - "The thunder will not come - the man will not cross himself."

Run the IRC client and connect to any server (just do not try to do what the IRC was created for - chatter, otherwise this whole chatter will leave the rest of your days and money in the account).

The worst protection is always on large university servers, there are not updated software for years, and admins have so drunk on beer that they simply forgot that bugs should at least sometimes be fixed.

Therefore, safely enter the command [/ who * .edu].

Before you is a list of users using a university server to access the Internet.

OK, take anyone (better than the first) user, for example, Jagaast 2 Jagaast Iz'Merl (*).

User Jagaast does not know yet what exactly he will be Pavlik Morozov, but I think he will die in ignorance.

The following command is [/ dns Jagaast].

By this you will know its IP (for example,

Now run Grinder, it prompts you to search the file /index.htm[r1].

Why do we need this file? We erase the figs and instead write [/ cgi-bin / phf.cgi] and the IP range from to (for those in the tank - this is the range into which our Jagaast falls).

We wait...

There are two options:
First: Grinder writes URL found.
The second - everything else. Guess which option is more favorable?

Now, if found, remember (write down the address where it was found (for example, and rush to the browser. In the browser window erase your favorite inscription

[ Downloads / ??? |??? / / Xakep/hack5/tppmsgs/msgs0.htm#40
[ Downloads / PREV / P / Xakep/hack5/tppmsgs/msgs0.htm#41?Qalias=y/bin/cat / etc / passwd].

Oh my God, what is this? !! File passwd right in the window of your browser! That's all you need, save it and put it right into the hands of old man John (who is The Ripper). After reading, you'll figure out what to do there, it's not so difficult.