
Unix Commands You Need to Know

by -@OsiriS@-

Basic Commands

1A. Basic commands
1B. Telnet
1C. Rlogin
1D. FTP
1E. GCC (unix compiler)

I hope you have a basic knowledge of DOS; that would help a bit, and I will assume that you do in writing this manual.

First, the DOS commands you are used to:

REMEMBER: unix is case sensitive, so if I use lower case here you must also, and if I use a space you must also. DOS will let you get away with a lot of things, but unix will not!

DIR/W = ls
DIR = ls -l
DIR/AH = ls -al   (AH = hidden; -al = include hidden files as well as regular)
RENAME = mv
ATTRIB = chmod
MD = mkdir
RD = rmdir
DEL = rm
COPY = cp

These are the basic commands. I suggest that you look up the man pages on each one of these commands from your unix shell. You would do this by typing 'man command' without the ''.

Each one of these commands will have switches, like cp -R to copy files and directories. So you would type man cp to get all of the switches you can use with the copy command.

cd {then press enter} will always take you to your home directory
cp filename $HOME will copy the file to your home directory
cd ~username will take you to that user's home dir if you have access to be there
pwd {press enter} will show you what directory you are in.

Telnet

Telnet is a command that you can use from a shell account, or from an exe file (telnet.exe) from Windows, OS/2, Windows 95 and other operating systems, that will let you connect to another machine on the net. There are other programs you will learn about here, like FTP and rlogin, that you can use as well, but for now we will use telnet.

You can use telnet if you know the IP address or the host name you want to connect or log in to. To use the command you would just use the telnet program to connect to the IP or host like this:

telnet netcom.com or telnet 206.146.43.56

OK, now let's log in:

telnet machine.com

trying .....

Connected to machine.com

Linux 2.0.28 (machine.com) (ttyp0)

machine login:username
password:#######

bash$

Your prompt might look different, but we will use this one.

Notice above that it will tell you the O/S when you get the login prompt. You can use this if you get a large collection of passwd files. Even before going on to crack them, sort them by O/S type by just telnetting to them to see what they are running. There are other ways, but let's keep this telnet topic going for a sec... telnet domain.name.com, and after you see what they are running, make a note of it and press ctrl ] to break out of the connection.

Put all of your linux passwd files into a pile to be cracked first. All we need is one account that works for the system, and we can be almost sure we will have root on that machine! There are way too many holes in linux to think we will not be able to own one of those machines, so let's get to work so we can start this wonderful world of hacking.

Unix File Permissions

bash$

bash$ cd /tmp
bash$ ls -l
total 783
-rwx------ 1 wood users 1 Jan 25 18:28 19067haa
-rw-r--r-- 1 berry mail 1 Jan 16 12:38 filter.14428
-rw------- 1 rhey19 root 395447 Jan 24 02:59 pop3a13598
-rw------- 1 rhey19 root 395447 Jan 24 03:00 pop3a13600
drwxr-xr-x 4 root root 1024 Jan 12 13:18 screens

First notice that we used a / and not \ to change to the tmp directory! Unix uses the / as the root so it is backwards from DOS here. Notice we did ls -l for the long directory. If we did 'ls' we would have what you see below.

bash$ ls
19067haa filter.14428 pop3a13598 pop3a13600 screens

With what we see here we cannot tell much, so most of the time we will be using ls -al. With the -al we will see the hidden files also; hidden files and directories will always start with a '.'. Now watch:

bash$ ls -al
total 794
drwxrwxrwt 4 root root 8192 Jan 25 23:05 .
drwxr-xr-x 22 root root 1024 Dec 28 18:07 ..
-rw-r--r-- 1 berry users 6 Jan 25 23:05 .pinetemp.000
drwxr-xr-x 2 berry users 1024 Jan 25 23:05 .test
-rwx------ 1 wood users 1 Jan 25 18:28 19067haa
-rw-r--r-- 1 berry mail 1 Jan 16 12:38 filter.14428
-rw------- 1 rhey19 root 395447 Jan 24 02:59 pop3a13598
-rw------- 1 rhey19 root 395447 Jan 24 03:00 pop3a13600
drwxr-xr-x 4 root root 1024 Jan 12 13:18 screens

.pinetemp.000 is a hidden file, and .test is a hidden directory.

-rw-r--r--  1 berry  mail  1 Jan 16 12:38 filter.14428

  row 1       row 2  row 3
----------------------------

Now here we need to learn about permissions, users, and groups.

Row #1 is the file permissions
Row #2 is who owns the file
Row #3 is the group owner of the file

File permissions are grouped together into three different groups. If the line starts with a d, it is a directory; if there is no d, it is a file.

-  ---  ---  ---
|   |    |    |--------> Other = anyone on the machine can access
|   |    |-------------> Group = certain groups can access
|   |------------------> User = only the owner can access
|----------------------> Directory Mark

-  rw-  r--  r--
|   |    |    |--------> Other can only read the file
|   |    |-------------> Group can only read the file
|   |------------------> User can read or write to the file
|----------------------> It is not a directory

-  rwx  rwx  r-x
|   |    |    |--------> Other can read and execute the file
|   |    |-------------> Group can read write and execute the file
|   |------------------> User can read write and execute the file
|----------------------> It is not a directory

The owner is the user name in row #2 and the group owner is the name in row #3. In DOS the file has to have a .exe, .com, or .bat extension to execute, but in unix all you need is the x (--x) set in the group of permissions that applies to you: user, group, or other.

You can change these permissions if you own the file or have root access:

chmod oug+r filename will make all three groups of permissions be able to read the file.

chmod og-r filename would make the file readable only to the user that owns the file. (notice the - or + to set the file yes or no)

chmod +x filename would make the file executable by all.

chown username filename would make the file owned by another user.

chgrp groupname filename would make the file owned by another group.

Make sure to keep file perms and groups the same or you will be sniffed out and booted from the system. Changing configs on the system might only break other functions, so keep your paws off or you are just asking to get caught. Only do what you are *SURE* of. Only use commands that you know; you might find yourself spending hours fixing just one typo. Something like chown -R username /* could keep you busy for a year ;)

Just be careful!

We will get into this stuff more as we go into the needs for this.
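
Reading the permission column by eye gets slow on a long listing. The shell functions below are an added example, not part of the original text: they turn the permission string into the octal form that chmod also accepts and flag world-writable and setuid/setgid entries. The function names and the last two sample lines are constructed for the example.

```shell
# Added example: decode the permission column of `ls -l` and flag risky entries.

# mode_to_octal "-rw-r--r--" prints 0644 (leading digit = setuid/setgid/sticky)
mode_to_octal() {
    m=$1; special=0; out=""
    for pos in 2 5 8; do                    # first char of user, group, other
        trip=$(printf '%s' "$m" | cut -c"$pos"-"$((pos + 2))")
        n=0
        case $trip in r??) n=$((n + 4)) ;; esac
        case $trip in ?w?) n=$((n + 2)) ;; esac
        case $trip in ??[xst]) n=$((n + 1)) ;; esac   # lower-case s/t include x
        case $trip in
            ??[sS]) if [ "$pos" -eq 2 ]; then special=$((special + 4)); fi
                    if [ "$pos" -eq 5 ]; then special=$((special + 2)); fi ;;
            ??[tT]) special=$((special + 1)) ;;
        esac
        out="$out$n"
    done
    printf '%s%s\n' "$special" "$out"
}

# audit_listing: read `ls -l` lines on stdin, report entries worth a second look.
audit_listing() {
    while read -r perms links owner group size mon day tm name; do
        case $perms in [-dlbcps]?????????) ;; *) continue ;; esac  # skip "total N"
        oct=$(mode_to_octal "$perms")
        case $perms in
            d???????w[tT]) echo "$oct $name: world-writable dir, sticky bit set" ;;
            ????????w?)    echo "$oct $name: WORLD-WRITABLE (owner $owner, group $group)" ;;
        esac
        case $perms in ???[sS]*|??????[sS]*) echo "$oct $name: setuid/setgid" ;; esac
    done
}

# Lines from the /tmp listing above; the last two are constructed for the example.
sample_listing() {
    cat <<'EOF'
total 794
drwxrwxrwt 4 root root 8192 Jan 25 23:05 .
-rw-r--r-- 1 berry users 6 Jan 25 23:05 .pinetemp.000
-rwx------ 1 wood users 1 Jan 25 18:28 19067haa
-rw-rw-rw- 1 berry users 12 Jan 25 23:05 constructed-notes
-rwsr-xr-x 1 root root 9000 Jan 25 23:05 constructed-helper
EOF
}

sample_listing | audit_listing
```

On a real system the input would be piped in, for example ls -al /tmp | audit_listing.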

Rlogin

There is another command you might use, and we will get into it elsewhere when we cover using rlogin to log in to a system without a password.

For now read the man pages on rlogin by using man rlogin from your shell account.

The basic command would be:

rlogin -l username hostname
connecting....
password:

bash$

Rlogin requires the user to have a file in their home directory that tells what system they can receive the rlogin from. This file, .rhosts, would look like this:

username hostname (or) hostname

If you were to add + + to this file, it would let any user from any host log in without a password.

The file would look like this:

----- cut here ------
+ +
----- cut here ------

If they already had entries you could add the + + under their host names, but remember they would now notice, seeing that they would now be able to rlogin without the password. You would be targeting people that did not already have a .rhosts file.
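
Because a single + + line removes the password check for the whole account, .rhosts files are worth auditing regularly. The check below is an added example, not part of the original text; the function names and the demo directory tree are constructed, and it assumes the rhosts field order of host first, then an optional user.

```shell
# Added example: audit .rhosts files for over-broad trust entries.
# Assumes rhosts(5) field order: host first, optional user second.

# rhosts_findings FILE: print one line per risky entry; print nothing if clean.
rhosts_findings() {
    f=$1; lineno=0
    # Group- or world-writable file: another account could append entries.
    case $(ls -ld "$f" | cut -c1-10) in
        ?????w*|????????w*) echo "$f: writable by group or other" ;;
    esac
    while read -r host user rest || [ -n "$host" ]; do
        lineno=$((lineno + 1))
        case $host in ''|'#'*) continue ;; esac        # blank line or comment
        if [ "$host" = "+" ] && [ "$user" = "+" ]; then
            echo "$f:$lineno: '+ +' trusts any user from any host"
        elif [ "$host" = "+" ]; then
            echo "$f:$lineno: '+' trusts every host"
        elif [ "$user" = "+" ]; then
            echo "$f:$lineno: '+' trusts every user on $host"
        fi
    done < "$f"
}

# scan_homes DIR: check DIR/*/.rhosts (DIR would be /home on a typical system).
scan_homes() {
    for rf in "$1"/*/.rhosts; do
        if [ -f "$rf" ]; then rhosts_findings "$rf"; fi
    done
}

# Constructed demo tree so the example runs without touching real accounts.
demo() {
    d=$(mktemp -d)
    mkdir "$d/alice" "$d/bob"
    printf 'trusted.example.com alice\n+ +\n' > "$d/alice/.rhosts"
    printf '# build host\ntrusted.example.com bob\n' > "$d/bob/.rhosts"
    chmod 600 "$d/alice/.rhosts" "$d/bob/.rhosts"
    scan_homes "$d"
    rm -rf "$d"
}

demo
```

Any finding is a reason to remove the entry, or the file, and to ask whether rlogin needs to be enabled on the host at all.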

FTP

Another way to log in will be FTP. You can use a Windows client, or just log in from a shell.

ftp ftp.domain.com

This will allow you to download or upload files to the site you are hacking. Just make sure to edit the xferlog (see section 6d) to wipe your tracks on the system. Remember NEVER to ftp or telnet out of the hacked system, only log into it! If you are coming from your own system, or from another hacked account, you might just be giving your login and password to the system admin or another hacker on their system. There could be a telnetd or ftpd trojan loaded on the system, or even a sniffer. Now you would have just given someone your login id and password. And if this was the system admin, he might have the idea that revenge is sweet ;)

Using ftp from the shell, I would suggest using a few commands:

After you log in, and have your prompt, type these commands, pressing enter after each one.

prompt
hash
bin

prompt will allow you to type a command like (mget *) or (mput *) and transfer an entire directory without having it prompt you for each file yes or no.

hash marks

hash will put ############ on the screen so you can see the transfer is still moving and at what speed.

bin will make sure you get the files in the right mode, and if transferring binary files, you can be sure they will uncompress.

The transfer commands are easy, get filename, or, put filename, or for many files you can use regular wild cards with mput or mget.

GCC Compiler

There will be a time when you will need to compile a .c file.

It is best to compile on the machine you are working on. So upload or copy and paste the files to the hacked box and compile them there. If you have problems with their compiler you can try to upload pre-compiled files.

One way to get the file up to the victim's machine would be to use copy and paste. Get a good tsr or windows shareware program to do this if you do not have any way to do it now. You can copy a script file from one window and paste it into an editor on the victim's machine, and then compile the new file. Voila... no upload log of the file. You can copy and paste from the victim's machine as well so that there are no download logs of ascii files.

To copy and paste you can just open an editor on the hacked box, and then copy from your other session, and paste your script into the editor and save the file. This way there will not be anything in the xferlog yet.

You can do the same thing with the password file. If you do decide to download the password file using ftp, make sure to copy it to your home directory first under a different name.

bash:/etc:> cp passwd $HOME/plog would copy the file called passwd from the /etc directory you were in, to your home directory in a file called plog instead of passwd. Admins grep the xfer logs looking for who is downloading the password file.

Another way to get files to or from the box without showing up in the logs would be to open an irc session on the victim's machine, then from your other session where you are already a user on irc, send the files using dcc.

The command to send the files would be /dcc send. The command to get the file on the other side would be /dcc get.

It would be nice if you had a bot loaded on the irc when you were hacking so that you could just send files to the bot and have it auto receive them.

A 'bot' is a robot program that you can load in the background on your shell account that will receive files, keep channels open, etc...

The GCC compiler is easy...

gcc filename.c -o filenameyouwant

If I was to compile a file called z2.c that would zap the log files I would type this:

gcc z2.c -o zap

This would give me an executable file called zap.

If I just typed: gcc z2.c I would have an executable file named a.out, and would have to rename it to zap, or some name I would know, by doing this: mv a.out zap

Now I would have a file named zap that was executable instead of a.out.

You will want to make sure you are not naming these files names that sys admins will know. If you had a sniffer file called 'linuxsniffer.c' you don't want to keep the same name ;) call it something like:

gcc linuxsniffer.c -o lsn

Remember also that sometimes you can execute these files right in the directory by just typing the file name, like for our 'lsn' (sniffer) above just by typing lsn. But sometimes this will not work unless you add a ./ to the command. So remember, sometimes you will need to type ./lsn or your file name.

Also there will be a time you will want a program to run in the background even after you log off. Like in the case of the sniffer above. In this case you might want to name your sniffer something that would not be so easily noticed. Use your own style here. BUT to make it stay in the background while you are off the system you need to run the command with a & after the command.

lsn&

If you were to just type lsn, your screen would pause, and you would not be able to type while the program was sniffing, but if you typed lsn& it would load and the system prompt would come right back to you. Also the system would let you know it was loaded by giving you the process id # that it was loaded as.

You could view the process with the ps -x command; you might also want to run ps -auxe | more

a= all
u= show user
x= yours
e= env

On some machines f= tree, or use the command: pstree

 
To the best of our knowledge, the text on this page may be freely reproduced and distributed.