How to become a hacker in 15 minutes

Attention! This material, like all the rest, was created in order to show the administrators of the WEB servers who are too lazy to have the most common holes that they are too lazy to plug (although this is their direct duty). And it is because of their laziness that any person in 15 minutes can break their server.

You do not know how to roller-skate - the last attempt was that you broke both legs on a too high parapet. You do not know how to write programs - your first and last program written on Norton Commander, killed your motherboard and burned the monitor. You do not understand music - do you still think that Marilyn Manson is a member of the Spice Girls band? And you know Rodriguez only because he will live for a long time? From all this it follows that you are not given catastrophically. It's a shame, but it's easy to fix - become a hacker.

You will need an IRC client (take any, you only need to execute a couple of commands there), and also on ftp.technotronic.com in the "rhino9-products" section, take the program called Grinder - it looks for the file specified by you in the IP range and shows the rights on him. You also need a selector for Unix passwords John the Ripper (any search engine will give you a billion links to it). And in square brackets I will indicate that I should write.

What are we going to break? The system of that moron, who, receiving a salary for the protection of the server, does not do a damn for this very protection. Read carefully and teach - this paragraph you will vparivat girls at parties. There is such a thing - cgi-scripts, why they are needed and how they are arranged, too long to explain and not necessarily. And one of the earliest errors found in these scripts was the so-called. Phf bug, a phf script error that allows any user to execute any Unix commands on the web server. The error was found back in 96, but, you will not believe, there are still enough servers that did not hear about it! Well, there is an old Russian proverb - "The thunder will not come - the man will not cross himself."

Run the IRC client and connect to any server (just do not try to do what the IRC was created for - chatter, otherwise the rest of your days and money will be spent on the same chatter).

The worst protection is always on the big university servers, there the software is not updated for years, and the administrators are so drunk on beer that they forgot that bugs have to be fixed at least sometimes.

Therefore, safely enter the command [/ who * .edu].

Before you is a list of users using a university server to access the Internet.

OK, take anyone (better than the first) user, for example, Jagaast [email protected]: 2 Jagaast Iz'Merl (*).

User Jagaast does not yet know what exactly it will be Pavlik Morozov, but I think he will die in ignorance.

The following command is [/ dns Jagaast].

By this you will know its IP (for example, 194.52.14.102).

Now run Grinder, it prompts you to search the file /index.htm[r1].

Why do we need this file? We erase the figs and instead write [/ cgi-bin / phf.cgi] and the IP range from 194.52.14.1 to 194.52.14.256 (for those in the tank - this is the range into which our Jagaast falls).

We wait...

There are two options:
First: Grinder writes URL found.
The second - everything else. Guess which option is more favorable?

Now, if found, remember (write down the address where it was found (for example, 194.52.14.25)) and rush to the browser. In the browser window erase your favorite inscription

[Http://content.mail.ru/My Downloads / ??? |??? / / Xakep/hack5/tppmsgs/msgs0.htm#40
[Http://content.mail.ru/My Downloads / P / R / /akep/hack5/tppmsgs/msgs0.htm#41?Qalias=y/bin/cat / etc / passwd].

Oh my God, what is this? !! File passwd right in the window of your browser! That's all you need, save it and put it right into the hands of old man John (who is The Ripper). After reading, you'll figure out what to do there, it's not so difficult.