“UNIX Trojan Horses”
Introduction
————
“UNIX Security” is an oxymoron. It’s an easy system to brute force hack (most UNIX systems don’t hang up after x number of login tries, and there are a number of default logins, such as root, bin, sys and uucp). Once you’re in the system, you can easily bring it to its knees (see my previous Phrack article, “UNIX Nasty Tricks”) or, if you know a little ‘C’, you can make the system work for you and totally eliminate the security barriers to creating your own logins, reading anybody’s files, etcetera. This file will outline such ways by presenting ‘C’ code that you can implement yourself.
Requirements
————
You’ll need a working account on a UNIX system. It should be a fairly robust version of UNIX (such as 4.2bsd or AT&T System V) running on a real machine (a PDP/11, VAX, Pyramid, etc.) for the best results. If you go to school and have an account on the school system, that will do perfectly.
Notes
—–
This file was inspired an article in the April, ’86 issue of BYTE entitled “Making UNIX Secure.” In the article, the authors say “We provide this information in a way that, we hope, is interesting and
useful yet stops short of being a ‘cookbook for crackers.’ We have often intentionally omitted details.” I am following the general outline of the article, giving explicit examples of the methods they touched
on.
An unrelated note: Somewhere there’s a dude running around using the handle “Lord British” (not THE Lord British…). This is a message for LB: “Fuck off and die.”
Here we go…
Project One: Fishing For Passwords
———————————–
You can implement this with only a minimal knowledge of UNIX and C. However, you need access to a terminal that many people use – the computer lab at your school, for example.
When you log onto a typical UNIX system, you see something like this:
Tiburon Systems 4.2bsd / System V (shark)
login: shark
Password: (not printed)
The program I’m giving you here simulates a logon sequence. You
run the program from a terminal and then leave. Some unknowing fool will walk up and enter their login and password. It is written to a
file of yours, then “login incorrect” is printed, then the fool is
asked to log in again. The second time it’s the real login program.
This time the person succeeds and they are none the wiser. Read the rest of this entry »
“Introduction to Videoconferencing”
Videoconferencing is not just one thing. It takes several different forms and
can be designed in many different ways. Most of these ways are probably still
waiting to be discovered.
First of all, there are two main categories of videoconferencing. There is
Point-to-Point and Point-to-Multipoint.
Point-to-point/Two-Way Videoconferencing
—————————————-
Two-way videoconferencing enables people to conduct meetings even though the
participants are in separate locations. Using interactive video and audio
equipment, participants in one location can see, hear, and interact with
colleagues in another location.
The most familiar example occurs regularly on TV. When a newscaster in
Washington interviews a head of state on the opposite side of the world
“live,” that’s point-to-point, full-motion, full-color videoconferencing. Read the rest of this entry »
