*************************************************
*************************************************
**                                             **
**          Unix Use and Security From         **
**                The Ground Up                **
**                                             **
**                     by                      **
**                                             **
**                 The Prophet                 **
**                                             **
*************************************************
*************************************************

December 5, 1986.

INTRODUCTION
------------

The Unix operating system is one of the most heavily used mainframe operating systems today. It runs on many different computers (DEC VAXes, AT&T's 3B series, PDP-11s, and just about any other you can think of, including PCs), and there are many different, but for the most part similar, versions of it. These Unix clones go by many names; the most common are Xenix, Ultrix, Ros, IX/370 (for the IBM 370), PCIX (for the IBM PC), and Berkeley (BSD) Unix. This file concentrates on AT&T System V Unix, probably the most heavily used version. (The next most heavily used is Berkeley Unix.)

This file covers just about everything all but THE most advanced hacker will need to know about the Unix system, from the most basic ("rodent") information to advanced hacking techniques. This is the second version of this file, and as I discover errors or new tricks I will update it. To the best of my knowledge, however, this file is totally accurate, and the techniques in it will work just as described. Note that these techniques were written against System V Unix; most, though not necessarily all, should work on other versions of Unix as well. Later, if this file is well received and there is demand for another, I will release a file on yet more advanced techniques.

If you wish to contact me, I can be reached several ways. First, on these boards:

    Shadow Spawn          219-659-1503
    Private Sector        201-366-4431   (As "prophet", not "The Prophet"; some rodent stole my name.)
    Ripco                 312-528-5020
    Stalag 13             215-657-8523
    Phreak Klass 2600     806-799-0016

Or at this voice message system: 800-556-7001, Box 7023.

I welcome any suggestions, corrections, or feedback of any kind. And lastly, thanks for taking the time to read this.

THE USUAL DISCLAIMER:
---------------------

This file is for [of course] informational purposes only. <Snicker> I don't take responsibility for anything anyone does after reading this file.

_______________________________________________________________________________

IDENTIFYING UNIX SYSTEMS AND LOGGING IN
---------------------------------------

A Unix system can easily be identified by its prompts. When you first connect to a Unix system, you should receive the login prompt, which is usually "login:" (the first character may or may not be capitalized). On some systems this prompt may be ";Login:" or "User:" (again, the first letter may or may not be capitalized). It may be preceded by a short message (usually something like "WARNING!!! This system is for authorized users only!"), the name of the company that owns the system, or the uucp network name of the system. (The uucp facilities will be explained in detail later.)

At this point, enter the username and press return. (Stay in lowercase if your terminal supports it.) You should then receive the password prompt, "Password:" (and yet again, the "P" may or may not be capitalized). Enter the password and press return. If you have given a correct username/password pair, you are admitted to the system. If you have entered a nonexistent username or an incorrect password, you receive the message "Login incorrect" and are returned to the login prompt. The same message is given in both cases, so little information is revealed before login, and there is no way to learn valid usernames from pre-login information alone.

There are no "default" passwords in Unix.
When the system is initially set up, none of the default accounts, nor any of the accounts created by the system operators, has a password until the system operator or the account owner sets one. Often, lazy system operators and unwary users never bother to put passwords on many (and in some cases all) of these accounts. To log in under an account that has no password, you have only to enter the username at the login prompt.

You may encounter occasional error messages when attempting to log in under certain accounts. Here are the more common messages and their causes:

1. "Unable to change directory to /usr/whatever" - The account's home directory, the directory it is placed in upon login, does not exist. On some systems this prevents you from logging in under that account, and you are returned to the login prompt. On others you are simply placed in the root directory, in which case you will see the message "Changing directory to '/'".

2. "No shell" - The account's shell, or command interpreter, does not exist. On some systems the account is not allowed to log in, and you are returned to the login prompt. On others the account is admitted using a default shell, usually the Bourne shell, in which case you will see the message "Using /bin/sh". (The shell will be explained later.)

UNIX ACCOUNTS
-------------

There are two types of Unix accounts: user and superuser accounts. User accounts are the normal accounts; they have no special privileges. Superuser accounts are the system operator accounts; they have full privileges and are not bound by the file and directory protections that apply to other users. In Unix there is no hierarchy of privileges: either an account has full privileges or it has none. (What makes an account a superuser is a user id of 0 in the password file, not its name.) Unix usernames are up to 14 characters long, but are usually within the range of 1-8.
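The conditions just described (accounts with no password, accounts whose home directory or shell is missing, and which accounts are actually superusers) can all be read straight out of the password file. The following script is an added example and not part of the original file. It assumes the classic seven-field password file layout (name:password:uid:gid:comment:home:shell) with the hashed password kept in the file itself, as on an unshadowed System V machine of the period, so that an empty second field means the account logs in on the username alone; it also assumes that a user id of 0 is what makes an account a superuser. The sample password file, its placeholder hashes, and the set of "existing" paths are all constructed here so that the script runs offline.

```python
"""Audit a password file for passwordless accounts, uid 0 accounts, and
accounts whose home directory or shell does not exist.

Added example, not from the original text. Assumes the seven-field
name:password:uid:gid:comment:home:shell layout of an unshadowed system.
"""
from dataclasses import dataclass

# Constructed sample password file; the hashes are placeholders, not real.
SAMPLE_PASSWD = """\
root:X7gQm2kLpR9aB:0:0:superuser:/:/bin/sh
makefsys::0:0:make file systems:/usr/admin:/bin/sh
checkfsys:Kd8wPz3LqM1nC:0:0:check file systems:/usr/admin:/bin/sh
bin::2:2:system binaries:/bin:/bin/sh
uucp:Rt5vNb7Yhs9Qe:5:5:uucp:/usr/lib/uucp:/usr/lib/uucp/uucico
guest::100:100:guest account:/usr/guest:/bin/sh
doej:Aq2wSx9Cde4Vf:101:100:John J. Doe:/usr/doej:/bin/csh
test::102:100:test account:/usr/test:/bin/nosuch
"""

# Constructed view of the filesystem: the home directories and shells that
# exist. /usr/guest and /bin/nosuch are deliberately absent.
EXISTING_PATHS = {
    "/", "/usr/admin", "/bin", "/usr/lib/uucp", "/usr/doej", "/usr/test",
    "/bin/sh", "/bin/csh", "/usr/lib/uucp/uucico",
}


@dataclass
class Entry:
    name: str
    password: str   # hashed password, or "" for no password at all
    uid: int
    gid: int
    comment: str
    home: str
    shell: str      # "" means login falls back to /bin/sh


def parse_passwd(text):
    """Parse password-file text into Entry records, rejecting malformed lines."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        fields = line.split(":")
        if len(fields) != 7:
            raise ValueError(f"line {lineno}: expected 7 fields, got {len(fields)}")
        name, pw, uid, gid, comment, home, shell = fields
        entries.append(Entry(name, pw, int(uid), int(gid), comment, home, shell))
    return entries


def passwordless(entries):
    """Accounts that admit anyone who types the username."""
    return [e.name for e in entries if e.password == ""]


def superusers(entries):
    """Accounts with uid 0: full privileges regardless of the name."""
    return [e.name for e in entries if e.uid == 0]


def passwordless_superusers(entries):
    """The worst case: a uid 0 account with no password."""
    return [e.name for e in entries if e.uid == 0 and e.password == ""]


def login_problems(entries, existing_paths):
    """Per account, the messages login would print for a missing home or shell."""
    problems = {}
    for e in entries:
        messages = []
        if e.home not in existing_paths:
            messages.append("Unable to change directory to " + e.home)
        if (e.shell or "/bin/sh") not in existing_paths:
            messages.append("No shell")
        if messages:
            problems[e.name] = messages
    return problems


def report(text=SAMPLE_PASSWD, existing_paths=EXISTING_PATHS):
    entries = parse_passwd(text)
    print("passwordless accounts:   ", ", ".join(passwordless(entries)))
    print("uid 0 accounts:          ", ", ".join(superusers(entries)))
    print("passwordless superusers: ", ", ".join(passwordless_superusers(entries)))
    for name, messages in login_problems(entries, existing_paths).items():
        print(f"{name}: {'; '.join(messages)}")


if __name__ == "__main__":
    report()
```

On a real machine you would feed the script the contents of /etc/passwd and replace EXISTING_PATHS with an os.path.exists() check; the interesting output is the passwordless_superusers list, which should always be empty.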
The usernames can contain almost any characters, including control and special characters. (Usernames will usually not contain @, control-d, control-j, or control-x, as these characters have special meanings to the Unix operating system.) The Unix system comes initially configured with quite a few default accounts, some of which are superuser and some of which are only user-level accounts. Here is a list of the default accounts which usually have superuser privileges:

    root (Always!)
    makefsys
    mountfsys
    umountfsys
    checkfsys

The root account is always present on the system and always has superuser capabilities. (Note: most Unix System V systems come initially set up with a security feature that prevents superuser accounts from logging in remotely. If you attempt to log in under a superuser account remotely on a system with this feature, you receive the message "Not on console" and are refused admission to the operating system. This does NOT prevent you from using superuser accounts remotely: you simply log in under a user account and then switch over to a superuser account using the su utility, which will be described later.)

Here is a list of the user-level default accounts:

    lp
    daemon
    trouble
    nuucp
    uucp
    bin
    rje
    adm
    sysadm
    sync

The bin account, although only a user account, is particularly powerful, as it owns many of the system's important directories and files. Although these are the only default accounts on System V Unix, there are many other accounts which I have found to be common to many Unix systems. Here is a list of some of them:

    batch       admin       user        demo        test
    field       unix        guest       pub         public
    standard    games       general     student     help
    gsa         tty         lpadmin

Also try variations on the account names, such as rje1, rje2, user1, user2, etc., and variations on people's names and initials, such as doej, doe, john, johnd, jjd, etc.
No matter what the format for the usernames, one thing is common to all systems: almost all usernames begin with a lowercase letter. There is a good reason for this. When logging into the system, if the first character of the username you type is in upper-case, the system automatically assumes that your terminal does not support lower-case. It then sends all output to you in upper-case, with the characters that are supposed to be upper-case preceded by a backslash ("\", the Unix escape character) to distinguish them from the characters meant to be lower-case. Unix *always* differentiates between the cases, so it is best to stay in lower-case while on the system.

As mentioned before, there are no "default" passwords on Unix. When an account is created it has no password until the superuser or the account's owner sets one. Unix passwords are a maximum of 11 characters. The password may contain any character, and the system distinguishes between upper- and lower-case characters. (Note that the traditional crypt(3) routine uses only the first eight characters of a password; anything typed beyond the eighth has no effect on whether the password is accepted.) Many Unix systems implement a special security feature und...