[REVS] Hacking UNIX - Second Edition

From: SecuriTeam (support_at_securiteam.com)
Date: 05/19/05

    To: list@securiteam.com
    Date: 19 May 2005 16:26:33 +0200
    
    

    The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com

      Hacking UNIX - Second Edition
    ------------------------------------------------------------------------

    SUMMARY

    Hacking UNIX - Second Edition is a hacking guide for absolute beginners in
    UNIX hacking. In total it took 3 years to write. It is meant to provide a
    solid introduction to the matter, and also act as a reliable reference.

    DETAILS

    Introduction:
    1.1. Readers
    This book is aimed at readers that are absolute beginners in the area of
    hacking. It attempts to turn the beginner into an intermediate level
    "hacker" (though it is expected from the reader to do their homework). No
    knowledge of programming is required.
    Working knowledge of Unix-like systems is expected in order to understand
    everything in here. If you have no knowledge of Unix systems or have never
    heard of it, install a GNU/Linux (http://www.linux.org/) or *BSD
    (http://www.freebsd.org/) system on your computer and study the
    documentation.

    The author tried to keep this book accessible for absolute beginners by
    adding a "Fundamentals" part. If you think you have already come quite
    far, you may be able to skip many things discussed in the Fundamentals
    part and continue with the Basics. It is, however, the reader's
    responsibility to go beyond this document and learn everything there is to
    learn; references for this are included at the end of each chapter.

    If you are an "accomplished" hacker you should find this document good
    enough to refer beginners to.

    1.4. How to learn
    Many people have bad experiences with learning, especially learning for
    school. But learning to hack should be interesting whilst you can decide
    for yourself what to learn. Learning in itself can be as much fun as
    hacking is. Sometimes you might even say that there is no difference
    between learning to hack and hacking itself; "hacking is a way of learning
    only limited to imagination and creativity".
    The Internet is one thing that comes with this, everything you want to
    know can be found on the Internet. Also, everything you want to know can
    be acquired by reading source code, analyzing programs, protocols and
    systems, that's just another way of learning.

    Hacking is a very wide subject; most things computer-related are
    hacking-related. Learning to hack is about learning about computer
    technology and learning techniques to exploit technology in ways that were
    never supposed to be possible (footnote 6: You clearly see hacking doesn't
    necessarily have to do with computer security, i.e. exploiting). The more
    you know about a certain aspect of computing, the easier it gets to do
    interesting things with it. That is, if you are creative enough. Once you
    have this great idea you can prove the idea is real by taking advantage of
    it; nothing is more rewarding than that.

    Learning to hack is a challenge on its own. This is one of the reasons why
    some hackers (including me) perform badly at school because they believe
    learning should be a challenge, but school teaches a lot of things that are
    neither interesting nor challenging. Learning to hack always delivers
    immediate results. If you learn about some technology you will
    automatically 'dream' about the security implications of various
    properties of the technology. If you learn about a programming language
    you can directly start coding. If you learn about software you can
    directly try using it. The thing you see a lot is that people learn things
    once they need them, which makes knowledge directly useful. However, that is
    my personal way of learning. I didn't learn programming by just following
    the examples in the Kernighan and Ritchie C Programming book, but mostly
    by reading code and by simply wanting to code a certain tool, translate an
    idea into code. Also, because of the Internet you can be selective, and
    one thing you will learn is that you don't need to learn from one
    textbook. Always remember that a hacker should never be bored. If you
    think something is boring, skip through it, you probably don't need it.
    Things usually get interesting once you recognize their implications,
    you'll naturally want to understand things then.

    So the big difference between learning at school and hacking is that the
    things you can achieve (namely; things that should not be possible)
    fascinate, drive and thus motivate you to understand things. It works the
    other way around too, you might be studying something for some purpose and
    then realize the things you can achieve are far more interesting (and
    different) than the reason you first looked into it.

    Knowledge can be gathered in all kinds of ways. Hacking can be used to
    gather knowledge, not only to use that knowledge against the system but to
    really understand how things work. A hacker is not bound to one textbook,
    hell if there's no information available the hacker will reverse engineer
    technology by himself, sometimes using "hacks" to gather such information.

    1.4.1. Learning to learn
    If you're used to learning only for school you may think learning is; grab
    a book, read theory, do some exercises. This may be the reason why you
    have this book. However, you cannot learn hacking by reading some books.
    Books can show you the right direction, but in the end you need to
    (re)discover techniques yourself, you must really understand why people
    did things in a certain way. You need to understand how things work, why,
    and most importantly try to understand how techniques were founded, they
    may include valuable insights: Think like the master, or be a user
    forever.

    This book tries to put the emphasis not on the static knowledge and
    techniques used in hackerland, but on the mindset of the hacker that
    pioneered techniques and methods. That is, it tries to stimulate you to
    think like a hacker. So this book is like a guide; it doesn't cover
    everything, but there's no book that does or should. This book is an
    introduction to advanced things. So don't think you won't learn anything
    from this book, or that it doesn't cover the technical aspects as much as
    other papers; it does, but I believe any book on hacking you can find is
    just that: introductory material.

    1.4.2. Information seeking
    When you're still a newbie you may have much trouble finding information.
    Finding information can be considered one skill of a hacker; becoming a
    master webseeker. There is a lot of information on the Internet on
    becoming a good web searcher; the best I can think of is +Fravia's
    Websearching lores (http://www.searchlores.org/). Don't underestimate the
    power of master seekers... any information you want to know about is out
    there. If you combine that with the other hacking skills you have learned,
    you're unstoppable. It's interesting to compare a webseeker with a hacker. The
    average websearcher will go to google.com, try some words and doesn't find
    what he's looking for and assumes it's not there. A newbie hacker is just
    like that, he checks for some known holes, if they are not there he gives
    up. A master webseeker however will seek for very creative ways, almost
    artistic ones to try and discover the knowledge he's looking for. The fun
    of the master webseeker lies not in finding the information, but the
    creativity required to figure out means to get to that information. If
    that wasn't true, why put so much energy in finding it? No, it's the quest
    for knowledge that drives them. If that doesn't apply to you, then hacking
    is not for you; then you are one of those people that like the paycheck,
    not the work. In other words, the Hacking aspect of for example
    compromising a computer system, lies not in having access to the system on
    itself, but on the process of achieving this goal. The master webseeker
    knows and believes that the information can be found somewhere on the net,
    just like a master hacker knows that a hole is somewhere in the system.
    The process of knowledge gathering itself can result in very interesting
    new approaches to accomplish something. Hacks are found during the process
    of achieving a goal, or by recognizing the implications of something that
    occurs, which is exactly the fun in hacking; you never know what new
    methods need to be discovered. This is why hackers are responsible for a
    lot of progress; Nothing is impossible, they just may require another way
    of thinking.

    Once you learned other hacker skills you will be able to use these skills
    to acquire more information (these skills are usually used for research)
    like reverse engineering, reading source code, analyzing network traffic,
    etcetera, whatever is applicable.

    If you still can't find an answer after reading books and searching the
    web you may need to ask someone. I hope you now recognize that hacking is
    not something you can learn from a textbook. A hacker's advantage lies in
    its ability to hack; find and recognize new ways of acquiring critical
    details to have a critical advantage. If hackers would rely on textbooks,
    there would be no way to break into relatively secure systems. A hacker
    needs to be one step ahead, the advantage of knowing something that was
    overlooked by others.

    1.5. Asking questions
    "How do I hack?" The "good"-old "how-to-hack" question. As mentioned,
    hacking is a very wide subject, and the question "how do I hack" raises
    irritation because of this. You can do hacking in almost any area of
    computing: networking, hardware, operating system, programs, etcetera. And
    then these subjects can be divided into dozens of other areas. And then
    there are numerous targets left over. And then there are numerous methods
    of hacking targets. And then there's the question of what you want to do;
    break security, fix security or research that area? As the author of this
    book I suggest you never ask someone "how do I hack".

    Actually, here comes rule one:
    1. Only ask a question as a last resort.
    Learning is all about finding answers to questions, one question raises an
    answer and a dozen new questions. To make matters worse; Hacking is all
    about learning, hacking is about the question of how to find an answer to
    a question, where the answer is usually some very remote, weird but
    creative method to seek that knowledge. Maybe you recognize this as the
    way scientists work to learn something in a new area. Hackers do the same,
    in fact research in a scientific way may be exactly what hacking is all
    about. Therefore you can learn hacking by asking the same questions as the
    pioneers, and not by just accepting things for fact. Many failures in
    security happen because implementors didn't understand the real reason of
    why things are done in a certain way, go figure.

    Rule two becomes:
    2. Where there's a correct question, there's always a correct answer. If
    you give up too soon on finding an answer you are considered a lamer;
    someone that doesn't want, or doesn't like to learn, basically the enemy
    of a hacker! And what is more lame than the question "how do i hack", it
    violates another (previously unwritten) rule, here comes the third rule:

    3. Only ask specific questions
    When asking something that cannot be answered easily because the question
    is not specific enough, this proves you have done little research into the
    subject. Imagine someone asking a musician; "how to make music?".

    Say you heard about kernel hacking, you searched the net but you found out
    "kernel hacking" has something to do with the development of a kernel.
    However, in the context you first heard the word, it seemed to have a
    different meaning, and now you cannot find it in that other meaning. Now
    if you would ask "what is kernel hacking?", then this would greatly
    irritate people you ask it to because they ask themselves; "what kind of
    kernel hacking does he mean!?" and you will be labeled "lamer". Now, a
    better way to ask is: "I heard about the term `kernel hacking' and it seemed
    interesting. Now I searched for information on `kernel hacking' but only
    find the term in the context of `kernel development'. My question is
    whether the term `kernel hacking' is also used as in `breaking security'?
    If so, can you suggest a good place where I can find more information on
    this subject?". That question requires more effort but it shows you are willing
    to learn and know their time is valuable. A good formulation of the
    question makes it easier for people to answer. Of course always use proper
    English, people don't appreciate a question like "H3y dude, you l33t? no
    were to f1nd good infoz on 0verflowz?". Yeah, it's pathetic, but I've seen
    them. If you are bad at a particular language try your best and apologize.

    If you really tried to find the answer yourself and also tried to
    formulate your question the best you can, there is no reason for people to
    flame you, but you still need to make sure you ask the question to the
    right (group of) people. If they still flame you they probably don't know
    nothing and are a bunch of lamers that don't know what they're talking
    about, find good hackers elsewhere.

    Download Information:
    The whitepaper can be obtained at:
    http://www.hackaholic.org/Hacking_Unix_2/hacking_unix_2nd-a4.pdf
    And in text form:
    http://www.hackaholic.org/Hacking_Unix_2/hacking_unix_2nd.txt

    ADDITIONAL INFORMATION

    The original article can be found at:
    http://www.hackaholic.org/Hacking_Unix_2/

    ========================================

    This bulletin is sent to members of the SecuriTeam mailing list.
    To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
    In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com

    ====================
    ====================

    DISCLAIMER:
    The information in this bulletin is provided "AS IS" without warranty of any kind.
    In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.

