All about ftp must read
Setting Up A Ftp:
Well, since many of us have always wondered this, here it is. Long and drawn out. Also, before attempting this, realize one thing; You will have to give up your time, effort, bandwidth, and security to have a quality ftp server.
That being said, here it goes. First of all, find out if your IP (Internet Protocol) is static (not changing) or dynamic (changes everytime you log on). To do this, first consider the fact if you have a dial up modem. If you do, chances are about 999 999 out of 1 000 000 that your IP is dynamic. To make it static, just go to a place like h*tp://www.myftp.org/ to register for a static ip address.
You'll then need to get your IP. This can be done by doing this:
Going to Start -> Run -> winipcfg or www.ask.com and asking 'What is my IP?'
After doing so, you'll need to download an FTP server client. Personally, I'd recommend G6 FTP Server, Serv-U FTPor Bullitproof v2.15 all three of which are extremely reliable, and the norm of the ftp world.
You can download them on this site: h*tp://www.liaokai.com/softw_en/d_index.htm
First, you'll have to set up your ftp. For this guide, I will use step-by-step instructions for G6. First, you'll have to go into 'Setup -> General'. From here, type in your port # (default is 21). I recommend something unique, or something a bit larger (ex: 3069). If you want to, check the number of max users (this sets the amount of simultaneous maximum users on your server at once performing actions - The more on at once, the slower the connection and vice versa).
The below options are then chooseable:
-Launch with windows
-Activate FTP Server on Start-up
-Put into tray on startup
-Allow multiple instances
-Show "Loading..." status at startup
-Scan drive(s) at startup
-Confirm exit
You can do what you want with these, as they are pretty self explanatory. The scan drive feature is nice, as is the 2nd and the last option. From here, click the 'options' text on the left column.
To protect your server, you should check 'login check' and 'password check', 'Show relative path (a must!)', and any other options you feel you'll need. After doing so, click the 'advanced' text in the left column. You should then leave the buffer size on the default (unless of course you know what you're doing ), and then allow the type of ftp you want.
Uploading and downloading is usually good, but it's up to you if you want to allow uploads and/or downloads. For the server priority, that will determine how much conventional memory will be used and how much 'effort' will go into making your server run smoothly.
Anti-hammering is also good, as it prevents people from slowing down your speed. From here, click 'Log Options' from the left column. If you would like to see and record every single command and clutter up your screen, leave the defaults.
But, if you would like to see what is going on with the lowest possible space taken, click 'Screen' in the top column. You should then check off 'Log successful logins', and all of the options in the client directry, except 'Log directory changes'. After doing so, click 'Ok' in the bottom left corner.
You will then have to go into 'Setup -> User Accounts' (or ctrl & u). From here, you should click on the right most column, and right click. Choose 'Add', and choose the username(s) you would like people to have access to.
After giving a name (ex: themoonlanding), you will have to give them a set password in the bottom column (ex: wasfaked). For the 'Home IP' directory, (if you registered with a static server, check 'All IP Homes'. If your IP is static by default, choose your IP from the list. You will then have to right click in the very center column, and choose 'Add'.
From here, you will have to set the directory you want the people to have access to. After choosing the directory, I suggest you choose the options 'Read', 'List', and 'Subdirs', unless of course you know what you're doing . After doing so, make an 'upload' folder in the directory, and choose to 'add' this folder seperately to the center column. Choose 'write', 'append', 'make', 'list', and 'subdirs'. This will allow them to upload only to specific folders (your upload folder).
Now click on 'Miscellaneous' from the left column. Choose 'enable account', your time-out (how long it takes for people to remain idle before you automatically kick them off), the maximum number of users for this name, the maximum number of connections allowed simultaneously for one ip address, show relative path (a must!), and any other things at the bottom you'd like to have. Now click 'Ok'.
**Requested**
From this main menu, click the little boxing glove icon in the top corner, and right click and unchoose the hit-o-meter for both uploads and downloads (with this you can monitor IP activity). Now click the lightning bolt, and your server is now up and running.
Post your ftp info, like this:
213.10.93.141 (or something else, such as: 'f*p://example.getmyip.com')
User: *** (The username of the client)
Pass: *** (The password)
Port: *** (The port number you chose)
So make a FTP and join the FTP section
Listing The Contents Of A Ftp:
Listing the content of a FTP is very simple.
You will need FTP Content Maker, which can be downloaded from here:
ht*p://www.etplanet.com/download/application/FTP%20Content%20Maker%201.02.zip
1. Put in the IP of the server. Do not put "ftp://" or a "/" because it will not work if you do so.
2. Put in the port. If the port is the default number, 21, you do not have to enter it.
3. Put in the username and password in the appropriate fields. If the login is anonymous, you do not have to enter it.
4. If you want to list a specific directory of the FTP, place it in the directory field. Otherwise, do not enter anything in the directory field.
5. Click "Take the List!"
6. After the list has been taken, click the UBB output tab, and copy and paste to wherever you want it.
If FTP Content Maker is not working, it is probably because the server does not utilize Serv-U Software.
If you get this error message:
StatusCode = 550
LastResponse was : 'Unable to open local file test-ftp'
Error = 550 (Unable to open local file test-ftp)
Error = Unable to open local file test-ftp = 550
Close and restart FTP Content Maker, then try again.
error messages:
110 Restart marker reply. In this case, the text is exact and not left to the particular implementation; it must read: MARK yyyy = mmmm Where yyyy is User-process data stream marker, and mmmm server's equivalent marker (note the spaces between markers and "=").
120 Service ready in nnn minutes.
125 Data connection already open; transfer starting.
150 File status okay; about to open data connection.
200 Command okay.
202 Command not implemented, superfluous at this site.
211 System status, or system help reply.
212 Directory status.
213 File status.
214 Help message. On how to use the server or the meaning of a particular non-standard command. This reply is useful only to the human user.
215 NAME system type. Where NAME is an official system name from the list in the Assigned Numbers document.
220 Service ready for new user.
221 Service closing control connection. Logged out if appropriate.
225 Data connection open; no transfer in progress.
226 Closing data connection. Requested file action successful (for example, file transfer or file abort).
227 Entering Passive Mode (h1,h2,h3,h4,p1,p2).
230 User logged in, proceed.
250 Requested file action okay, completed.
257 "PATHNAME" created.
331 User name okay, need password.
332 Need account for login.
350 Requested file action pending further information.
421 Too many users logged to the same account
425 Can't open data connection.
426 Connection closed; transfer aborted.
450 Requested file action not taken. File unavailable (e.g., file busy).
451 Requested action aborted: local error in processing.
452 Requested action not taken. Insufficient storage space in system.
500 Syntax error, command unrecognized. This may include errors such as command line too long.
501 Syntax error in parameters or arguments.
502 Command not implemented.
503 Bad sequence of commands.
504 Command not implemented for that parameter.
530 Not logged in.
532 Need account for storing files.
550 Requested action not taken. File unavailable (e.g., file not found, no access).
551 Requested action aborted: page type unknown.
552 Requested file action aborted. Exceeded storage allocation (for current directory or dataset).
553 Requested action not taken. File name not allowed.
Active FTP vs. Passive FTP, a Definitive Explanation
Introduction
One of the most commonly seen questions when dealing with firewalls and other Internet connectivity issues is the difference between active and passive FTP and how best to support either or both of them. Hopefully the following text will help to clear up some of the confusion over how to support FTP in a firewalled environment.
This may not be the definitive explanation, as the title claims, however, I've heard enough good feedback and seen this document linked in enough places to know that quite a few people have found it to be useful. I am always looking for ways to improve things though, and if you find something that is not quite clear or needs more explanation, please let me know! Recent additions to this document include the examples of both active and passive command line FTP sessions. These session examples should help make things a bit clearer. They also provide a nice picture into what goes on behind the scenes during an FTP session. Now, on to the information...
The Basics
FTP is a TCP based service exclusively. There is no UDP component to FTP. FTP is an unusual service in that it utilizes two ports, a 'data' port and a 'command' port (also known as the control port). Traditionally these are port 21 for the command port and port 20 for the data port. The confusion begins however, when we find that depending on the mode, the data port is not always on port 20.
Active FTP
In active mode FTP the client connects from a random unprivileged port (N > 1024) to the FTP server's command port, port 21. Then, the client starts listening to port N+1 and sends the FTP command PORT N+1 to the FTP server. The server will then connect back to the client's specified data port from its local data port, which is port 20.
From the server-side firewall's standpoint, to support active mode FTP the following communication channels need to be opened:
FTP server's port 21 from anywhere (Client initiates connection)
FTP server's port 21 to ports > 1024 (Server responds to client's control port)
FTP server's port 20 to ports > 1024 (Server initiates data connection to client's data port)
FTP server's port 20 from ports > 1024 (Client sends ACKs to server's data port)
In step 1, the client's command port contacts the server's command port and sends the command PORT 1027. The server then sends an ACK back to the client's command port in step 2. In step 3 the server initiates a connection on its local data port to the data port the client specified earlier. Finally, the client sends an ACK back as shown in step 4.
The main problem with active mode FTP actually falls on the client side. The FTP client doesn't make the actual connection to the data port of the server--it simply tells the server what port it is listening on and the server connects back to the specified port on the client. From the client side firewall this appears to be an outside system initiating a connection to an internal client--something that is usually blocked.
Active FTP Example
Below is an actual example of an active FTP session. The only things that have been changed are the server names, IP addresses, and user names. In this example an FTP session is initiated from testbox1.slacksite.com (192.168.150.80), a linux box running the standard FTP command line client, to testbox2.slacksite.com (192.168.150.90), a linux box running ProFTPd 1.2.2RC2. The debugging (-d) flag is used with the FTP client to show what is going on behind the scenes. Everything in red is the debugging output which shows the actual FTP commands being sent to the server and the responses generated from those commands. Normal server output is shown in black, and user input is in bold.
There are a few interesting things to consider about this dialog. Notice that when the PORT command is issued, it specifies a port on the client (192.168.150.80) system, rather than the server. We will see the opposite behavior when we use passive FTP. While we are on the subject, a quick note about the format of the PORT command. As you can see in the example below it is formatted as a series of six numbers separated by commas. The first four octets are the IP address while the second two octets comprise the port that will be used for the data connection. To find the actual port multiply the fifth octet by 256 and then add the sixth octet to the total. Thus in the example below the port number is ( (14*256) + 178), or 3762. A quick check with netstat should confirm this information.
testbox1: {/home/p-t/slacker/public_html} % ftp -d testbox2
Connected to testbox2.slacksite.com.
220 testbox2.slacksite.com FTP server ready.
Name (testbox2:slacker): slacker
---> USER slacker
331 Password required for slacker.
Password: TmpPass
---> PASS XXXX
230 User slacker logged in.
---> SYST
215 UNIX Type: L8
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
ftp: setsockopt (ignored): Permission denied
---> PORT 192,168,150,80,14,178
200 PORT command successful.
---> LIST
150 Opening ASCII mode data connection for file list.
drwx------ 3 slacker users 104 Jul 27 01:45 public_html
226 Transfer complete.
ftp> quit
---> QUIT
221 Goodbye.
Passive FTP
In order to resolve the issue of the server initiating the connection to the client a different method for FTP connections was developed. This was known as passive mode, or PASV, after the command used by the client to tell the server it is in passive mode.
In passive mode FTP the client initiates both connections to the server, solving the problem of firewalls filtering the incoming data port connection to the client from the server. When opening an FTP connection, the client opens two random unprivileged ports locally (N > 1024 and N+1). The first port contacts the server on port 21, but instead of then issuing a PORT command and allowing the server to connect back to its data port, the client will issue the PASV command. The result of this is that the server then opens a random unprivileged port (P > 1024) and sends the PORT P command back to the client. The client then initiates the connection from port N+1 to port P on the server to transfer data.
From the server-side firewall's standpoint, to support passive mode FTP the following communication channels need to be opened:
FTP server's port 21 from anywhere (Client initiates connection)
FTP server's port 21 to ports > 1024 (Server responds to client's control port)
FTP server's ports > 1024 from anywhere (Client initiates data connection to random port specified by server)
FTP server's ports > 1024 to remote ports > 1024 (Server sends ACKs (and data) to client's data port)
In step 1, the client contacts the server on the command port and issues the PASV command. The server then replies in step 2 with PORT 2024, telling the client which port it is listening to for the data connection. In step 3 the client then initiates the data connection from its data port to the specified server data port. Finally, the server sends back an ACK in step 4 to the client's data port.
While passive mode FTP solves many of the problems from the client side, it opens up a whole range of problems on the server side. The biggest issue is the need to allow any remote connection to high numbered ports on the server. Fortunately, many FTP daemons, including the popular WU-FTPD allow the administrator to specify a range of ports which the FTP server will use. See Appendix 1 for more information.
The second issue involves supporting and troubleshooting clients which do (or do not) support passive mode. As an example, the command line FTP utility provided with Solaris does not support passive mode, necessitating a third-party FTP client, such as ncftp.
With the massive popularity of the World Wide Web, many people prefer to use their web browser as an FTP client. Most browsers only support passive mode when accessing ftp:// URLs. This can either be good or bad depending on what the servers and firewalls are configured to support.
Passive FTP Example
Below is an actual example of a passive FTP session. The only things that have been changed are the server names, IP addresses, and user names. In this example an FTP session is initiated from testbox1.slacksite.com (192.168.150.80), a linux box running the standard FTP command line client, to testbox2.slacksite.com (192.168.150.90), a linux box running ProFTPd 1.2.2RC2. The debugging (-d) flag is used with the FTP client to show what is going on behind the scenes. Everything in red is the debugging output which shows the actual FTP commands being sent to the server and the responses generated from those commands. Normal server output is shown in black, and user input is in bold.
Notice the difference in the PORT command in this example as opposed to the active FTP example. Here, we see a port being opened on the server (192.168.150.90) system, rather than the client. See the discussion about the format of the PORT command above, in the Active FTP Example section.
testbox1: {/home/p-t/slacker/public_html} % ftp -d testbox2
Connected to testbox2.slacksite.com.
220 testbox2.slacksite.com FTP server ready.
Name (testbox2:slacker): slacker
---> USER slacker
331 Password required for slacker.
Password: TmpPass
---> PASS XXXX
230 User slacker logged in.
---> SYST
215 UNIX Type: L8
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> passive
Passive mode on.
ftp> ls
ftp: setsockopt (ignored): Permission denied
---> PASV
227 Entering Passive Mode (192,168,150,90,195,149).
---> LIST
150 Opening ASCII mode data connection for file list
drwx------ 3 slacker users 104 Jul 27 01:45 public_html
226 Transfer complete.
ftp> quit
---> QUIT
221 Goodbye.
Summary
The following chart should help admins remember how each FTP mode works:
Active FTP :
command : client >1024 -> server 21
data : client >1024 <- server 20
Passive FTP :
command : client >1024 -> server 21
data : client >1024 -> server >1024
A quick summary of the pros and cons of active vs. passive FTP is also in order:
Active FTP is beneficial to the FTP server admin, but detrimental to the client side admin. The FTP server attempts to make connections to random high ports on the client, which would almost certainly be blocked by a firewall on the client side. Passive FTP is beneficial to the client, but detrimental to the FTP server admin. The client will make both connections to the server, but one of them will be to a random high port, which would almost certainly be blocked by a firewall on the server side.
Luckily, there is somewhat of a compromise. Since admins running FTP servers will need to make their servers accessible to the greatest number of clients, they will almost certainly need to support passive FTP. The exposure of high level ports on the server can be minimized by specifying a limited port range for the FTP server to use. Thus, everything except for this range of ports can be firewalled on the server side. While this doesn't eliminate all risk to the server, it decreases it tremendously.
Trick by : Infintytricks.blogspot.com
Search
All about ftp must read
Advanced Shellcoding Techniques
Advanced Shellcoding Techniques
This paper assumes a working knowledge of basic shellcoding techniques, and x86 assembly, I will not rehash these in this paper. I hope to teach you some of the lesser known shellcoding techniques that I have picked up, which will allow you to write smaller and better shellcodes. I do not claim to have invented any of these techniques, except for the one that uses the div instruction.
The multiplicity of mul
This technique was originally developed by Sorbo of darkircop.net. The mul instruction may, on the surface, seem mundane, and it's purpose obvious. However, when faced with the difficult challenge of shrinking your shellcode, it proves to be quite useful. First some background information on the mul instruction itself.
mul performs an unsigned multiply of two integers. It takes only one operand, the other is implicitly specified by the %eax register. So, a common mul instruction might look something like this:
movl $0x0a,%eax
mul $0x0a
This would multiply the value stored in %eax by the operand of mul, which in this case would be 10*10. The result is then implicitly stored in EDX:EAX. The result is stored over a span of two registers because it has the potential to be considerably larger than the previous value, possibly exceeding the capacity of a single register(this is also how floating points are stored in some cases, as an interesting sidenote).
So, now comes the ever-important question. How can we use these attributes to our advantage when writing shellcode? Well, let's think for a second, the instruction takes only one operand, therefore, since it is a very common instruction, it will generate only two bytes in our final shellcode. It multiplies whatever is passed to it by the value stored in %eax, and stores the value in both %edx and %eax, completely overwriting the contents of both registers, regardless of whether it is necessary to do so, in order to store the result of the multiplication. Let's put on our mathematician hats for a second, and consider this, what is the only possible result of a multiplication by 0? The answer, as you may have guessed, is 0. I think it's about time for some example code, so here it is:
xorl %ecx,%ecx
mul %ecx
What is this shellcode doing? Well, it 0's out the %ecx register using the xor instruction, so we now know that %ecx is 0. Then it does a mul %ecx, which as we just learned, multiplies it's operand by the value in %eax, and then proceeds to store the result of this multiplication in EDX:EAX. So, regardless of %eax's previous contents, %eax must now be 0. However that's not all, %edx is 0'd now too, because, even though no overflow occurs, it still overwrites the %edx register with the sign bit(left-most bit) of %eax. Using this technique we can zero out three registers in only three bytes, whereas by any other method(that I know of) it would have taken at least six.
The div instruction
Div is very similar to mul, in that it takes only one operand and implicitly divides the operand by the value in %eax. Also like, mul it stores the result of the divide in %eax. Again, we will require the mathematical side of our brains to figure out how we can take advantage of this instruction. But first, let's think about what is normally stored in the %eax register. The %eax register holds the return value of functions and/or syscalls. Most syscalls that are used in shellcoding will return -1(on failure) or a positive value of some kind, only rarely will they return 0(though it does occur). So, if we know that after a syscall is performed, %eax will have a non-zero value, and that the instruction divl %eax will divide %eax by itself, and then store the result in %eax, we can say that executing the divl %eax instruction after a syscall will put the value 1 into %eax. So...how is this applicable to shellcoding? Well, their is another important thing that %eax is used for, and that is to pass the specific syscall that you would like to call to int $0x80. It just so happens that the syscall that corresponds to the value 1 is exit(). Now for an example:
xorl %ebx,%ebx
mul %ebx
push %edx
pushl $0x3268732f
pushl $0x6e69622f
mov %esp, %ebx
push %edx
push %ebx
mov %esp,%ecx
movb $0xb, %al #execve() syscall, doesn't return at all unless it fails, in which case it returns -1
int $0x80
divl %eax # -1 / -1 = 1
int $0x80
Now, we have a 3 byte exit function, where as before it was 5 bytes. However, there is a catch, what if a syscall does return 0? Well in the odd situation in which that could happen, you could do many different things, like inc %eax, dec %eax, not %eax anything that will make %eax non-zero. Some people say that exit's are not important in shellcode, because your code gets executed regardless of whether or not it exits cleanly. They are right too, if you really need to save 3 bytes to fit your shellcode in somewhere, the exit() isn't worth keeping. However, when your code does finish, it will try to execute whatever was after your last instruction, which will most likely produce a SIG ILL(illegal instruction) which is a rather odd error, and will be logged by the system. So, an exit() simply adds an extra layer of stealth to your exploit, so that even if it fails or you can't wipe all the logs, at least this part of your presence will be clear.
Unlocking the power of leal
The leal instruction is an often neglected instruction in shellcode, even though it is quite useful. Consider this short piece of shellcode.
xorl %ecx,%ecx
leal 0x10(%ecx),%eax
This will load the value 17 into eax, and clear all of the extraneous bits of eax. This occurs because the leal instruction loads a variable of the type long into it's desitination operand. In it's normal usage, this would load the address of a variable into a register, thus creating a pointer of sorts. However, since ecx is 0'd and 0+17=17, we load the value 17 into eax instead of any kind of actual address. In a normal shellcode we would do something like this, to accomplish the same thing:
xorl %eax,%eax
movb $0x10,%eax
I can hear you saying, but that shellcode is a byte shorter than the leal one, and you're quite right. However, in a real shellcode you may already have to 0 out a register like ecx(or any other register), so the xorl instruction in the leal shellcode isn't counted. Here's an example:
xorl %eax,%eax
xorl %ebx,%ebx
movb $0x17,%al
int $0x80
xorl %ebx,%ebx
leal 0x17(%ebx),%al
int $0x80
Both of these shellcodes call setuid(0), but one does it in 7 bytes while the other does it in 8. Again, I hear you saying but that's only one byte it doesn't make that much of a difference, and you're right, here it doesn't make much of a difference(except for in shellcode-size pissing contests =p), but when applied to much larger shellcodes, which have many function calls and need to do things like this frequently, it can save quite a bit of space.
Conclusion
I hope you all learned something, and will go out and apply your knowledge to create smaller and better shellcodes. If you know who invented the leal technique, please tell me and I will credit him/her.
Trick by : Infintytricks.blogspot.com
Accessing The Entire Internet On Your 3 Phone, U8110, E616
Accessing The Entire Internet On Your 3 Phone, U8110, E616
If you have a phone thats with the provider 3 theres a simple trick to allow you to access the entire internet on its browser without having to go through 3 services and only what they want to allow you access to view.
Simply do the following.
Menu - 9 (for settings) - 5 (for access points) - Edit the 3 Services
Change the APN (down the bottom) from 3services to 3netaccess
Restart the phone
And you can now access the entire internet through your phones browser.
Remember you'll have to change it back if you want to access 3 services.
Changing it in the browser doesn't seem to work.
I have tried this on my U8110 and it worked perfectly
Things to note:
* Remember that you are charged for all downloads (.4c per kb on most plans) so if your cautious about your phone bill id advise staying away from sites with loads of pictures.
* Also, some people have had trouble where they have accessed a site with too much information on it and the phone has either froze or reset. The phone is not harmed by this but its advisable you dont go to large sites on it for this or the above reason. If your phone freezes and you cant turn it off simply take the battery out and put it back in.
Trick by : Infintytricks.blogspot.com
A very small tutorial for RealMedia
A very small tutorial for RealMedia
You may find this helpful if you donwload hundreds of short episodes in rm format like me and tired of double-click to open next files.
Very easy. Use notepad to open a new file, type this inside:
file://link to file1
file://link to file2
(type as many as you want)
Close file. Rename it to FileName.rm
Then you`re done!!!!
Ex:
I put my playlist file here: C:\Movies\7VNR
And the movie files are in C:\Movies\7VNR\DragonBall
Then inside my playlist file I`ll have something like this:
file://DragonBall/db134.rm
file://DragonBall/db135.rm
file://DragonBall/db136.rm
file://DragonBall/db137.rm
file://DragonBall/db138.rm
A Trick by: http://infintytricks.blogspot.com/
A Novice's Guide To Hacking
A Novice's Guide To Hacking
This file is an addendum to "A Novice's Guide To Hacking" written by "The
Mentor". The word "hacking" is here used the way the non-hacking public
thinks it is used, to mean breaking into somebody else's computer. Its
purpose is to expand and clarify the information about the TOPS-20 operating
system, which runs on DECsystem-20 mainframes. The Mentor basically lumped
this system in with TOPS-10 and didn't note important differences between the
two. I will here reproduce in full what The Mentor had to say about TOPS-10
and about VMS, which are the parent and the offspring of TOPS-20.
VMS- The VAX computer is made by Digital Equipment Corporation (DEC),
and runs the VMS (Virtual Memory System) operating system.
VMS is characterized by the 'Username:' prompt. It will not tell
you if you've entered a valid username or not, and will disconnect
you after three bad login attempts. It also keeps track of all
failed login attempts and informs the owner of the account next time
s/he logs in how many bad login attempts were made on the account.
It is one of the most secure operating systems around from the
outside, but once you're in there are many things that you can do
to circumvent system security. The VAX also has the best set of
help files in the world. Just type HELP and read to your heart's
content.
Common Accounts/Defaults: [username: password [[,password]] ]
SYSTEM: OPERATOR or MANAGER or SYSTEM or SYSLIB
OPERATOR: OPERATOR
SYSTEST: UETP
SYSMAINT: SYSMAINT or SERVICE or DIGITAL
FIELD: FIELD or SERVICE
GUEST: GUEST or unpassworded
DEMO: DEMO or unpassworded
DECNET: DECNET
DEC-10- An earlier line of DEC computer equipment, running the TOPS-10
operating system. These machines are recognized by their
'.' prompt. The DEC-10/20 series are remarkably hacker-friendly,
allowing you to enter several important commands without ever
logging into the system. Accounts are in the format [xxx,yyy] where
xxx and yyy are integers. You can get a listing of the accounts and
the process names of everyone on the system before logging in with
the command .systat (for SYstem STATus). If you seen an account
that reads [234,1001] BOB JONES, it might be wise to try BOB or
JONES or both for a password on this account. To login, you type
.login xxx,yyy and then type the password when prompted for it.
The system will allow you unlimited tries at an account, and does
not keep records of bad login attempts. It will also inform you
if the UIC you're trying (UIC = User Identification Code, 1,2 for
example) is bad.
Common Accounts/Defaults:
1,2: SYSLIB or OPERATOR or MANAGER
2,7: MAINTAIN
5,30: GAMES
**** note: I'm remembering this stuff from several years ago, and in some
cases my memory may be foggy or stuff may be outdated.
TOPS-20, once you are inside, resembles VMS much more than it resembles
TOPS-10, as far as I know (I'm not really familiar with VMS). From the
outside, it's more like TOPS-10, except that the prompt is a @ instead of a
period. You can enter many commands without logging in, including SYSTAT and
probably FINGER. (Sometimes you can even use the mail program without
logging in.) It is very helpful. Not only does the command HELP lead to
lots of useful information, but anywhere in typing a command you can press ?
and it will tell you what the format of the command expects. For instance,
if you type ? by itself, it will tell you all the words that a command can
begin with. If you type S?, it will tell you all the commands that start
with the letter S. If you type SYSTAT ?, it will tell you the options
available on the systat command. You can use this at any point in any
command. Furthermore, if there is only one possibility (you have typed a
unique abbreviation), you can press Escape and it will finish the word for
you. I'm not sure, but I think TOPS-20 was the system that first introduced
filename completion as well --turning a uniquely abbreviated filename into a
complete name when you press escape, beeping if the abbreviation is not
unique. With command keywords you can leave the abbreviation un-expanded,
with filenames you have to expand it (or type it all in) for it to work.
Use the "Login" command to log in, followed by a username. It will prompt
for a password. Note that a password can be something like 39 characters
long, as can the username itself. TOPS-20 does NOT use numbers like 317,043
for user IDs. (Note that these numbers in TOPS-10 are octal, not decimal.)
Furthermore, the password can contain spaces. So, if somebody wants to make
his password difficult to guess, he can easily do so.
(But sometimes they might get overconfident. I remember a story from
Stanford... Someone asked the large cheese if he would let him know what the
operator password was, and he said "The operator password is currently
unavailable." So the guy tried "currently unavailable" as a password, and
got in. (Which reminds me of the time they got a real bug in the system
there... a head crash caused by an ant on the disk platter.))
In general, TOPS-20 does not limit the number of login attempts, nor does it
keep a record of bad tries. However, it is not difficult for the local
management to add such measures, or others such as a delay of several seconds
after each attempt. And unlike Unix, it is difficult to evade these even
once you're in. Without heavy in-depth knowledge, you can't test a username-
password combination except through a system call, which will enforce delays
and limited failures and such against password-trying programs.
So, TOPS-20 is easy to defend against the "database hack", in which you try
many different common passwords with many different usernames. (Unix is
much more vulnerable to this.) But any particular system, especially a lax
one like a college machine (DEC is always popular in academia), might have
little defense here. But you might not know how much defense until too late.
Do try the GUEST username.
But TOPS-20 can be very vulnerable to trojan horses. See, there's this thing
called the Wheel bit. A username that has the Wheel property can do anything
the system operator can do, such as ignore file protection masks, edit the
disks at the track/sector level, change any area of memory... On Unix, only
one user, the superuser, can read and write protected files. On TOPS-20, any
user can do these things from any terminal, if the Wheel attribute is set in
his user data. Some campus computers tend to accumulate excess trusted users
with wheel bits, and have to periodically prune away the unnecessary ones.
The thing is that a wheel can do these things without knowing that he has
done them. Normally the privileged commands are deactivated. But a program
run by a wheel can activate the privileges, do anything it wants, cover its
tracks, and deactivate them without the user ever being the wiser. So if you
can get any wheel user to run any program you wrote, such as a game or small
utility... there's no limit to what you can do. In particular, you can
create a new username, and make it a wheel. Or you can simply ask the system
outright for someone's password, if I'm not mistaken. (All this requires
access to TOPS-20 programming manuals, but some of the necessary material
should be available on line.) You cannot actually conceal this creation, as
far as I know... but maybe with sophisticated enough knowledge you could
make it not immediately apparent... Anyway, once you get that far in, you can
probably keep one step ahead of them for a while... If they erase your new
accounts, you can use the passwords to old ones... They can change all of
the wheel passwords, but a lot of the regular users won't change for some
time... You could even lock the operators out of their own system by
changing all their passwords for them, if you were crazy enough, perhaps
forcing them to shut the machine down to regain control of it. They might
even have to restore stuff from tape backup.
Even if you don't wedge your way into secret stuff, a TOPS-20 system can be
fun to explore. It's much more novice-friendly than most systems, and much
more hacker-friendly as well. I think the ascendency of Unix as the least-
common-denominator OS that everybody can agree on is a definite loss,
compared to TOPS-20.
A Trick by : http://infintytricks.blogspot.com/
Guide to the easiest 'hacking'
Guide to the easiest 'hacking'
OK, this is mini guide to the easiest 'hacking' there is ( I think ) if any
one knows different then mail me and tell me :) .
Most FTP servers have the directory /pub which stores all the 'public' information
for you to download. But along side /pub you will probably find other directorys
such as /bin and /etc its the /etc directory which is important. In this directory
there is normally a file called passwd. . This looks something like this :-
root:7GHgfHgfhG:1127:20:Superuser
jgibson:7fOsTXF2pA1W2:1128:20:Jim Gibson,,,,,,,:/usr/people/jgibson:/bin/csh
tvr:EUyd5XAAtv2dA:1129:20:Tovar:/usr/people/tvr:/bin/csh
mcn:t3e.QVzvUC1T.:1130:20:Greatbear,,,,,,,:/usr/people/mcn:/bin/csh
mouse:EUyd5XAAtv2dA:1131:20:Melissa P.:/usr/people/mouse:/bin/csh
This is where all the user names and passwords are kept. For example, root is
the superuser and the rest are normal users on the site. The bit after the word
root or mcn such as in this example (EUyd5XAAtv2dA) is the password BUT it is
encrypted. So you use a password cracker....which you can d/l from numerous sites
which I will give some URL's to at the end of this document. With these password
crackers you will be asked to supply a passwd. file which you download from the
\etc directory of the FTP server and a dictionary file which the crackers progam
will go through and try to see if it can make any match. And as many people use
simple passwords you can use a 'normal' dictionary file. But when ppl REALLY don't
want you to break their machines they set their passwords to things such as GHTiCk45
which Random Word Generator will create (eventually ). Which is where programs such
as Random Word Generator come in. ( Sorry just pluging my software )
BTW the bad news is that new sites NORMALLY have password files which look like this :-
root:x:0:1:0000-Admin(0000):/:/sbin/sh
The x signifies shadowed - you can't use a cracker to crack it because there's nothing
there to crack, its hidden somewhere else that you can't get to. x is also represented
as a * or sometimes a . Ones like the top example are known as un-shadowed password
files normally found at places with .org domain or .net and prehaps even .edu sites.
(Also cough .nasa.gov cough sites).
If you want a normal dictionary file i recommend you go to
http://www.globalkos.org and download kOS Krack which
has a 3 MEG dictionary file. Then run a .passwd cracking program
such as jack the ripper or hades or killer crack ( I recommend ) against the
.passwd file and dictionary file. Depending upon the amount of passwords in
the .passwd file, the size of the dictionary file and the speed of the processor
it could be a lengthy process.
Eventually once you have cracked a password you need a basic knowledge of unix.
I have included the necassary commands to upload a different index.html file to
a server :-
Connect to a server through ftp prefably going through a few shells to hide your
host and login using the hacked account at the Login: Password: part.
Then once connected type
dir or list
If there's a directory called public_html@ or something similar change directory
using the Simple dos cd command ( cd public_html )
Then type binary to set the mode to binary transfer ( so you can send images if
necassary )
Then type put index.html or whatever the index file is called.
It will then ask which transfer you wish to use, Z-Modem is the best.
Select the file at your end you wish to upload and send it.
Thats it !
If you have root delete any log files too.
Please note that this process varys machine to machine.
To change the password file for the account ( very mean ) login in through telnet
and simply type passwd at the prompt and set the password for the account to anything
you wish.
Thats it....if ya don't understand it read it about 10x if ya still don't ask someone
else i am too busy with errrr stuff..
A Trick by : http://infintytricks.blogspot.com/
A Guide to Internet Security: Becoming an Uebercracker
A Guide to Internet Security: Becoming an Uebercracker
and Becoming an UeberAdmin to stop Uebercrackers.
Author: Christopher Klaus
Date: December 5th, 1993.
Version: 1.1
This is a paper will be broken into two parts, one showing 15 easy steps
to becoming a uebercracker and the next part showing how to become a
ueberadmin and how to stop a uebercracker. A uebercracker is a term phrased
by Dan Farmer to refer to some elite (cr/h)acker that is practically
impossible to keep out of the networks.
Here's the steps to becoming a uebercracker.
Step 1. Relax and remain calm. Remember YOU are a Uebercracker.
Step 2. If you know a little Unix, you are way ahead of the crowd and skip
past step 3.
Step 3. You may want to buy Unix manual or book to let you know what
ls,cd,cat does.
Step 4. Read Usenet for the following groups: alt.irc, alt.security,
comp.security.unix. Subscribe to Phrack@well.sf.ca.us to get a background
in uebercracker culture.
Step 5. Ask on alt.irc how to get and compile the latest IRC client and
connect to IRC.
Step 6. Once on IRC, join the #hack channel. (Whew, you are half-way
there!)
Step 7. Now, sit on #hack and send messages to everyone in the channel
saying "Hi, Whats up?". Be obnoxious to anyone else that joins and asks
questions like "Why cant I join #warez?"
Step 8. (Important Step) Send private messages to everyone asking for new
bugs or holes. Here's a good pointer, look around your system for binary
programs suid root (look in Unix manual from step 3 if confused). After
finding a suid root binary, (ie. su, chfn, syslog), tell people you have a
new bug in that program and you wrote a script for it. If they ask how it
works, tell them they are "layme". Remember, YOU are a UeberCracker. Ask
them to trade for their get-root scripts.
Step 9. Make them send you some scripts before you send some garbage file
(ie. a big core file). Tell them it is encrypted or it was messed up and
you need to upload your script again.
Step 10. Spend a week grabbing all the scripts you can. (Dont forget to be
obnoxious on #hack otherwise people will look down on you and not give you
anything.)
Step 11. Hopefully you will now have atleast one or two scripts that get
you root on most Unixes. Grab root on your local machines, read your
admin's mail, or even other user's mail, even rm log files and whatever
temps you. (look in Unix manual from step 3 if confused).
Step 12. A good test for true uebercrackerness is to be able to fake mail.
Ask other uebercrackers how to fake mail (because they have had to pass the
same test). Email your admin how "layme" he is and how you got root and how
you erased his files, and have it appear coming from satan@evil.com.
Step 13. Now, to pass into supreme eliteness of uebercrackerness, you brag
about your exploits on #hack to everyone. (Make up stuff, Remember, YOU are
a uebercracker.)
Step 14. Wait a few months and have all your notes, etc ready in your room
for when the FBI, Secret Service, and other law enforcement agencies
confinscate your equipment. Call eff.org to complain how you were innocent
and how you accidently gotten someone else's account and only looked
because you were curious. (Whatever else that may help, throw at them.)
Step 15. Now for the true final supreme eliteness of all uebercrackers, you
go back to #hack and brag about how you were busted. YOU are finally a
true Uebercracker.
Now the next part of the paper is top secret. Please only pass to trusted
administrators and friends and even some trusted mailing lists, Usenet
groups, etc. (Make sure no one who is NOT in the inner circle of security
gets this.)
This is broken down on How to Become an UeberAdmin (otherwise know as a
security expert) and How to stop Uebercrackers.
Step 1. Read Unix manual ( a good idea for admins ).
Step 2. Very Important. chmod 700 rdist; chmod 644 /etc/utmp. Install
sendmail 8.6.4. You have probably stopped 60 percent of all Uebercrackers
now. Rdist scripts is among the favorites for getting root by
uebercrackers.
Step 3. Okay, maybe you want to actually secure your machine from the
elite Uebercrackers who can break into any site on Internet.
Step 4. Set up your firewall to block rpc/nfs/ip-forwarding/src routing
packets. (This only applies to advanced admins who have control of the
router, but this will stop 90% of all uebercrackers from attempting your
site.)
Step 5. Apply all CERT and vendor patches to all of your machines. You have
just now killed 95% of all uebercrackers.
Step 6. Run a good password cracker to find open accounts and close them.
Run tripwire after making sure your binaries are untouched. Run tcp_wrapper
to find if a uebercracker is knocking on your machines. Run ISS to make
sure that all your machines are reasonably secure as far as remote
configuration (ie. your NFS exports and anon FTP site.)
Step 7. If you have done all of the following, you will have stopped 99%
of all uebercrackers. Congrads! (Remember, You are the admin.)
Step 8. Now there is one percent of uebercrackers that have gained
knowledge from reading some security expert's mail (probably gained access
to his mail via NFS exports or the guest account. You know how it is, like
the mechanic that always has a broken car, or the plumber that has the
broken sink, the security expert usually has an open machine.)
Step 9. Here is the hard part is to try to convince these security experts
that they are not so above the average citizen and that by now giving out
their unknown (except for the uebercrackers) security bugs, it would be a
service to Internet. They do not have to post it on Usenet, but share
among many other trusted people and hopefully fixes will come about and
new pressure will be applied to vendors to come out with patches.
Step 10. If you have gained the confidence of enough security experts,
you will know be a looked upto as an elite security administrator that is
able to stop most uebercrackers. The final true test for being a ueberadmin
is to compile a IRC client, go onto #hack and log all the bragging and
help catch the uebercrackers. If a uebercracker does get into your system,
and he has used a new method you have never seen, you can probably tell
your other security admins and get half of the replies like - "That bug
been known for years, there just isn't any patches for it yet. Here's my
fix." and the other half of the replies will be like - "Wow. That is very
impressive. You have just moved up a big notch in my security circle."
VERY IMPORTANT HERE: If you see anyone in Usenet's security newsgroups
mention anything about that security hole, Flame him for discussing it
since it could bring down Internet and all Uebercrackers will now have it
and the million other reasons to keep everything secret about security.
Well, this paper has shown the finer details of security on Internet. It has
shown both sides of the coin. Three points I would like to make that would
probably clean up most of the security problems on Internet are as the
following:
1. Vendors need to make security a little higher than zero in priority.
If most vendors shipped their Unixes already secure with most known bugs
that have been floating around since the Internet Worm (6 years ago) fixed
and patched, then most uebercrackers would be stuck as new machines get
added to Internet. (I believe Uebercracker is german for "lame copy-cat
that can get root with 3 year old bugs.") An interesting note is that
if you probably check the mail alias for "security@vendor.com", you will
find it points to /dev/null. Maybe with enough mail, it will overfill
/dev/null. (Look in manual if confused.)
2. Security experts giving up the attitude that they are above the normal
Internet user and try to give out information that could lead to pressure
by other admins to vendors to come out with fixes and patches. Most
security experts probably don't realize how far their information has
already spread.
3. And probably one of the more important points is just following the
steps I have outlined for Stopping a Uebercracker.
A Trick by : http://infintytricks.blogspot.com/
A BEGINNERS GUIDE TO H A C K I N G U N I X
IN THE FOLLOWING FILE, ALL REFERENCES MADE TO THE NAME UNIX, MAY ALSO BE SUBSTITUTED TO THE XENIX OPERATING SYSTEM.
BRIEF HISTORY: BACK IN THE EARLY SIXTIES, DURING THE DEVELOPMENT OF THIRD GENERATION COMPUTERS AT MIT, A GROUP OF PROGRAMMERS STUDYING THE POTENTIAL OF COMPUTERS, DISCOVERED THEIR ABILITY OF PERFORMING TWO OR MORE TASKS SIMULTANEOUSLY. BELL LABS, TAKING NOTICE OF THIS DISCOVERY, PROVIDED FUNDS FOR THEIR DEVELOPMENTAL SCIENTISTS TO INVESTIGATE INTO THIS NEW FRONTIER. AFTER ABOUT 2 YEARS OF DEVELOPMENTAL RESEARCH, THEY PRODUCED AN OPERATING SYSTEM THEY CANLMD "UNIX". SIXTIES TO CURRENT: DURING THIS TIME BELL SYSTEMS INSTALLED THE UNIX SYSTEM TO PROVIDE THEIR COMPUTER OPERATORS WITH THE ABILITY TO MULTITASK SO THAT THEY COULD BECOME MORE PRODUCTIVE, AND EFFICIENT. ONE OF THE SYSTEMS THEY PUT ON THE UNIX SYSTEM WAS CALLED "ELMOS". THROUGH ELMOS MANY TASKS (I.E. BILLING,AND INSTALLATION RECORDS) COULD BE DONE BY MANY PEOPLE USING THE SAME MAINFRAME. NOTE: COSMOS IS ACCESSED THROUGH THE ELMOS SYSTEM. CURRENT: TODAY, WITH THE DEVELOPMENT OF MICRO COMPUTERS, SUCH MULTITASKING CAN BE ACHIEVED BY A SCALED DOWN VERSION OF UNIX (BUT JUST AS POWERFUL). MICROSOFT,SEEING THIS DEVELOPMENT, OPTED TO DEVELOP THEIR OWN UNIX LIKE SYSTEM FOR THE IBM LINE OF PC/XT'S. THEIR RESULT THEY CALLED XENIX (PRONOUNCED ZEE-NICKS). BOTH UNIX AND XENIX CAN BE EASILY INSTALLED
ON IBM PC'S AND OFFER THE SAME FUNCTION
(JUST 2 DIFFERENT VENDORS).
NOTE: DUE TO THE MANY DIFFERENT
VERSIONS OF UNIX (BERKLEY UNIX,
BELL SYSTEM III, AND SYSTEM V
THE MOST POPULAR) MANY COMMANDS
FOLLOWING MAY/MAY NOT WORK. I HAVE
WRITTEN THEM IN SYSTEM V ROUTINES.
UNIX/XENIX OPERATING SYSTEMS WILL
BE CONSIDERED IDENTICAL SYSTEMS BELOW.
HOW TO TELL IF/IF NOT YOU ARE ON A
UNIX SYSTEM: UNIX SYSTEMS ARE QUITE
COMMON SYSTEMS ACROSS THE COUNTRY.
THEIR SECURITY APPEARS AS SUCH:
LOGIN; (OR LOGIN;)
PASSWORD:
WHEN HACKING ON A UNIX SYSTEM IT IS
BEST TO USE LOWERCASE BECAUSE THE UNIX
SYSTEM COMMANDS ARE ALL DONE IN LOWER-
CASE.
LOGIN; IS A 1-8 CHARACTER FIELD. IT IS
USUALLY THE NAME (I.E. JOE OR FRED)
OF THE USER, OR INITIALS (I.E. J.JONES
OR F.WILSON). HINTS FOR LOGIN NAMES
CAN BE FOUND TRASHING THE LOCATION OF
THE DIAL-UP (USE YOUR CN/A TO FIND
WHERE THE COMPUTER IS).
PASSWORD: IS A 1-8 CHARACTER PASSWORD
ASSIGNED BY THE SYSOP OR CHOSEN BY THE
USER.
COMMON DEFAULT LOGINS
--------------------------
LOGIN; PASSWORD:
ROOT ROOT,SYSTEM,ETC..
SYS SYS,SYSTEM
DAEMON DAEMON
UUCP UUCP
TTY TTY
TEST TEST
UNIX UNIX
BIN BIN
ADM ADM
WHO WHO
LEARN LEARN
UUHOST UUHOST
NUUCP NUUCP
IF YOU GUESS A LGIN NAME AND YOU ARE
NOT ASKED FOR A PASSWORD, AND HAVE
ACCESSED TO THE SYSTEM, THEN YOU HAVE
WHAT IS KNOWN AS A NON-GIFTED ACCOUNT.
IF YOU GUESS A CORRECT LOGIN AND PASS-
WORD, THEN YOU HAVE A USER ACCOUNT.
AND, IF YOU GUESS THE ROOT PASSWORD,
THEN YOU HAVE A "SUPER-USER" ACCOUNT.
ALL UNIX SYSTEMS HAVE THE FOLLOWING
INSTALLED TO THEIR SYSTEM:
ROOT, SYS, BIN, DAEMON, UUCP, ADM
ONCE YOU ARE IN THE SYSTEM, YOU WILL
GET A PROMPT. COMMON PROMPTS ARE:
$
%
#
BUT CAN BE JUST ABOUT ANYTHING THE
SYSOP OR USER WANTS IT TO BE.
THINGS TO DO WHEN YOU ARE IN: SOME
OF THE COMMANDS THAT YOU MAY WANT TO
TRY FOLLOW BELOW:
WHO IS ON (SHOWS WHO IS CURRENTLY
LOGGED ON THE SYSTEM.)
WRITE NAME (NAME IS THE PERSON YOU
WISH TO CHAT WITH)
TO EXIT CHAT MODE TRY CTRL-D.
EOT=END OF TRANSFER.
LS -A (LIST ALL FILES IN CURRENT
DIRECTORY.)
DU -A (CHECKS AMOUNT OF MEMORY
YOUR FILES USE;DISK USAGE)
CD\NAME (NAME IS THE NAME OF THE
SUB-DIRECTORY YOU CHOOSE)
CD\ (BRINGS YOUR HOME DIRECTORY
TO CURRENT USE)
CAT NAME (NAME IS A FILENAME EITHER
A PROGRAM OR DOCUMENTATION
YOUR USERNAME HAS WRITTEN)
MOST UNIX PROGRAMS ARE WRITTEN
IN THE C LANGUAGE OR PASCAL
SINCE UNIX IS A PROGRAMMERS'
ENVIRONMENT.
ONE OF THE FIRST THINGS DONE ON THE
SYSTEM IS PRINT UP OR CAPTURE (IN A
BUFFER) THE FILE CONTAINING ALL USER
NAMES AND ACCOUNTS. THIS CAN BE DONE
BY DOING THE FOLLOWING COMMAND:
CAT /ETC/PASSWD
IF YOU ARE SUCCESSFUL YOU WILL A LIST
OF ALL ACCOUNTS ON THE SYSTEM. IT
SHOULD LOOK LIKE THIS:
ROOT:HVNSDCF:0:0:ROOT DIR:/:
JOE:MAJDNFD:1:1:JOE COOL:/BIN:/BIN/JOE
HAL::1:2:HAL SMITH:/BIN:/BIN/HAL
THE "ROOT" LINE TELLS THE FOLLOWING
INFO :
LOGIN NAME=ROOT
HVNSDCF = ENCRYPTED PASSWORD
0 = USER GROUP NUMBER
0 = USER NUMBER
ROOT DIR = NAME OF USER
/ = ROOT DIRECTORY
IN THE JOE LOGIN, THE LAST PART
"/BIN/JOE " TELLS US WHICH DIRECTORY
IS HIS HOME DIRECTORY (JOE) IS.
IN THE "HAL" EXAMPLE THE LOGIN NAME IS
FOLLOWED BY 2 COLONS, THAT MEANS THAT
THERE IS NO PASSWORD NEEDED TO GET IN
USING HIS NAME.
CONCLUSION: I HOPE THAT THIS FILE
WILL HELP OTHER NOVICE UNIX HACKERS
OBTAIN ACCESS TO THE UNIX/XENIX
SYSTEMS THAT THEY MAY FIND. THERE IS
STILL WIDE GROWTH IN THE FUTURE OF
UNIX, SO I HOPE USERS WILL NOT ABUSE
ANY SYSTEMS (UNIX OR ANY OTHERS) THAT
THEY MAY HAPPEN ACROSS ON THEIR
JOURNEY ACROSS THE ELECTRONIC HIGHWAYS OF AMERICA. THERE IS MUCH MORE TO BE LEARNED ABOUT THE UNIX SYSTEM THAT I HAVE NOT COVERED. THEY MAY BE FOUND BY BUYING A BOOK ON THE UNIX SYSTEM (HOW I LEARNED) OR IN THE FUTURE I MAY WRITE A PART II TO THIS........ Downloaded from P-80 Systems......
A Trick by : http://infintytricks.blogspot.com/
A Basic UNIX Overview
A Basic UNIX Overview
UNIX FOR DOS ADDICTED WaReZ PuPPieZ AND THEIR PETS
Introduction
------------
One of the most common operating systems in existance is Unix. Unix
exists in many different flavors, from Berkeley BSD to AT&T System V
to SunOs. Basic working knowledge of Unix is almost essential to a
hacker, as it is the system a hacker is most likely to come across.
If you intend to use the internet at all, or to do any serious
exploration of Telenet, the ability to navigate through Unix is a
necessity. (Unix is also the single most interesting system in
existance: it's just fun to fuck with).
Unix Logins
-----------
Most Unix logins look essentially the same. A general Unix login
prompt looks something like this:
connected to five.finger.com
login:
That first line is the system identifier. Although it's not at all
essential to what you are doing, it's good to know what system you are
attempting to log on to.
The second line is what typically identifies the system you are on as
Unix. Almost all Unix systems greet a user with the same prompt:
login:.
Well, there's not much to do in Unix from the outside, and Unix
systems are typically fairly secure at this point. You may be able to
obtain a list of users, or current users, by logging in as 'who', but
other than that there are few functions available here.
Unless you are on the internet, or have accounts specifically for the
specific machine you are on, the only way on to the system is to try
the default passwords. What are the default passwords?
Unix systems come installed with certain passwords automatically. In
addition, some accounts must exist on a system. One such account is
'root'. This user is the divine Kami of the Unix system... in short,
an all access pass. Unfortunately, few systems allow root logins
remotely, and even fewer leave 'root' unpassworded. Nevertheless, it's
always worth a shot... try this:
connected to ren.stimpy.net
login: root
password: root
invalid login
login:
well, nice try anyways... other possible passwords for root include
'sysadmin', 'sys', 'admin'... you get the idea. You may also want to
try these passwords with a single digit appended (added, idiot) to
them... meaning the password 'root' could be 'root1' or 'root2'.
An interesting tip about passwords in general... many people that use
passwords under 8 characters tend to add a digit or a non-alphanumeric
character to the password. This is done in order to hinder guessing,
and to stop password breakers (more on this later). In this case, you
may want to try adding a space before root... or even an ascii 255 to
the end.
Fortunately, there is more than one default password in a unix
system... a quick list:
sys sys
bin bin
daemon daemon
rje rje
setup setup
uucp uucp/nuucp/anonymous
nuucp uucp/nuucp/anonymous
mountfsys mountfsys
In the System
-------------
Ok, at this point, I'm going to assume you've gotten past the login...
as painful as that may sound. Although Unix may be secure from the
outside, without effort from the system administrators, the inside of
the system is not.
First off, you'll likely by asked for a terminal. vt100 serves your
purposes sufficently, and it's typically the default, so hit enter.
Now, hopefully, you have a prompt. There are many different types of
unix prompts, some of which contain current directory information,
some of which are just a single character. Just don't panic when my
examples don't look exactly like what you've got on your screen.
The first thing you *need* to do on the system is establish your tty
paramters. As eldritch and arcane sounding as this term may seem, it's
actually quite simple... you need to tell the system what keys are
going to do what.
The command to set these parameters is 'stty'. Watch:
squinkyB ] stty erase ^h
squinkyB ]
There... that wasn't so bad, was it? Well, it's also pretty
meaningless to you, unless you have the ascii table memorized and are
pretty good at on-the-spot deduction.
The tty erase parameters determines which key is to be used as a
backspace. At times, this may already be set when you log in, or it
may be set to a suitable alternate (such as delete). Most of the time
the system will tell you when you log on if this is so. In this case,
we've entered ^h in order to make the backspace key, appropriately
enough, backspace.
Another extremely important parameter is 'intr'. The 'intr' paramter
tells the Unix system what you intend to use as a break character...
you should have this set to ^c.
Getting Around
--------------
A good thing to remember about Unix is that it's alot like DOS. Files
are laid out in directories just as in DOS... in fact, the only
immediate difference in the directory structures is that Unix uses a
forward slash ("/", moron!) instead of a backwards one.
Also, the basic Unix directory navigation command is identical to DOS.
In order to change directories, you use the command 'chdir', or 'cd'.
A quick example:
1 /usr1/astoria ] cd ..
2 /usr ]
Wala. That simple. Quick notes:
ю cd / will take you to root.
ю cd /*pathname* will take you to *pathname*
ю cd home will take you to your home directory.
You can make and delete your own directories with the mkdir/rmdir
commands. Simply put, mkdir makes a subdirectory off of the current
directory, and rmdir removes a subdirectory from the current
subdirectory. Good to know if you plan to do a lot of file transfers.
An important note about Unix directories, files, and concepts:
Unix is a case-sensitive operating system. Thus, the files
ю Spleen
ю spleen
ю SPLEEN
ю SpLeEn
are all different. This rule applies to directories and command line
paramters, as well as most other Unix ideas.
Another nice thing to know about Unix: Unix files are not subject to
the normal DOS 8 character limit. Thus, you can have vast filenames,
such as "this_file_ate_my_biscuit".
Some other important commands
-----------------------------
First and foremost, you should know cp. cp is the basic Unix
equivalent of the DOS COPY command. The command line for cp is
identical to that of COPY.
Next on the scale of cosmic import is cat. cat is the Unix equivalent
of the DOS TYPE command, and once again, for simple file displaying,
the command line is identical.
Variations on the theme:
pg: displayes a file page by page. Type "pg x filename", where x is a
number of lines to display before pausing and filename is the
file you wish to display.
more: displays a file screen by screen.
Stupid pet trick:
You can use your cat to copy files, simply by using the directional
operators. To copy a file from here to there using cat, simply type:
% cat here
this is the file here
% cat there
this is the file there
% cat here > there
% cat there
this is the file here
The operator ">" simply takes the output from the cat command and
places is in the location specified after it.
Another vital command to know is 'rm'. rm deletes a file from the
system, in the same way DEL would on a DOS system. Not to much else to
say.
Critical in your navigation of a Unix system is the ls command. ls is
DOS DIR on heroin. Simply type ls and you get a nice, neat list of
files in the directory.
DIR on controlled substances:
There are a few command line parameters that you should know...
foremost is l. ls -l gets you a list of files, and valuable
information about each file, including permissions (more on that
later), size, and linked files.
Another useful command for long file lists is C. ls -C gets you a
list of files in multiple columns, much the same as DIR /W would
merit a double column report of all existing files. A quick reminder:
ls -C is NOT the same as ls -c. Unix = case sensitive.
Another good command to know, mv will move a file from directory to
directory. For those of you without DOS 6.0
file to another directory and deletes the original.
quick tip for files on the lam:
if you want to rename a file (to protect the innocent), you need to
mv a file to a different file name. A quick demo:
# ls
myfile
# cat myfile
this is my file
# mv myfile my_other_file
# ls
my_other_file
# cat my_other_file
this is my file
Another vastly important command is 'man'. In fact, man is probably
one of the most important commands extant for a beginning user... it
calls up the system's help files. To use man, simply type in 'man
command', where command is a Unix command you seek to gain
enlightenment regarding. It's a great way to gain an understanding of
Unix commandline parameters.
If you are interested in seeing who's been on of late, or just want a
few names to try to hack, type 'who'. You get a quick list of users
that have accessed the system lately. If you
who you are at this point, type 'whoami'.
If you want to change your identity on the system, type 'su name'
where name is an account on the system. It'll ask you for the account
password, then, *presto*... instant transmogrification.
A Caveat for smart alec hackers:
Unix typically logs usage of the su command. While su may seem like a
great opportunity to try to hack out passwords manually without
worrying about the system hanging up after 3 attempts, it's typically
not a good idea to do this, as it may alert the administrators to
your presence.
*Numero Uno on the list of commands NEVER to use on a Unix system:
The 'passwd' command changes your password on a Unix system. Seems
innocous enough, eh? Uh-uh. If your account is active, and there's a
very strong chance that it either is or will be, there is no better
way to lose the account than to change the password, only to have the
legitimate user alert the sysadmins when he/she can't gain access to
his/her normal account (well, there are better ways... you could
simply mail the sysadmin and tell him you are trying to hack his
grandmother's life support machine through your account).
I've seen this single, quick command turn a extremely lax system
into an ironclad security compound in less than a day.
DONT-FUCK-WITH-IT.
*Numero Dos on that same list:
The 'mail' command reads and sends mail. So what? Well, unless your
account is stable (and it isn't unless you either paid for it or
killed the original owner in such a way that his body cannot claw it's
way out of it's grave to it's keyboard), the user is more likely than
not going to know if you read his mail. In addition, if you send mail
out of the system (type 'mail', and a username/address; type in your
message and end it with a ^d on it's own line), the response from your
message will likewise alert the user to your presence.
System Spelunking
-----------------
The first place you want to check out in the wild uncharted directory
tree of your friendly neighborhood Unix system is the "/etc"
directory. What's in it? The single most intensely important file on
the system (besides a world writable root owned SUID file... but don't
worry about that)... the passwd file.
What is in the passwd file?
ю a list of all accounts on the system
ю a list of the passwords for these accounts
ю a list of access levels for these accounts
ю a list of the home directories for these accounts
ю a list of information pertaining to these accounts.
Why the hell the Unix designers decided this file should be world
readable is beyond me. Be content to know that your standard everyday
run-of-the-mill-lacking-in-certified-cosmic-power 'cat' command WILL
display this file. As will pg and more. However, because most users
don't have write permissions (more on that later) to the /etc
directory, 'cat' is pretty much the only applicable command here.
However, if you need to copy the file to your own directory (for
whatever reason), just cat it there with the directional operator (>).
The catch:
Well, there are two catches here. First off, regardless of system
security, if the passwords are in the file, they are encrypted. You
can't decrypt them. Although you can get a list of accounts without
passwords this way (just look for accounts with no entry in the
password field), and a list of accounts that can't be logged onto
remotely/at all (NO LOGIN), you can't get much else. Sucks, don't it?
Notice I said 'if' the passwords are there.
Some horrible, paranoid, draconian system administrators mutilate
their passwd files in such a way that (*gasp*) the passwords don't
show up. All you get is one cold, icy X staring at you from the bowels
of Unix Shell Siberia, mocking you as you pull your hair out in
frustration (sorry, but this is a sore spot with me). The kidnapped
passwords reside in the shadow file in the /etc directory, available
with your standard everyday run-of-the-mill-but-distinct-in-the-fact-
that-only-root-level-accounts-can-use-it-to-this-extent 'cat' command.
Well, if the passwords are encrypted, what good are they?
By themselves, nothing. A account with a Unix encrypted password will
get you no further than an account with no listed password at all. You
can't even deduce the amount of characters in the password if it's
encrypted. So what's the use?
The Unix method of encrypting files is available to the public. It is
also, to most mortals, irreversable. Essentially, this means you can
encrypt a string of characters, but not decrypt it. Even the unix
system itself doesn't decrypt the password when you log on...
When you log on, the Unix system takes whatever you enter at the
password prompt, encrypts it, and matches it to the entry in the
passwd file. Thus, the Unix system never decrypts the password... it
only compares it to a different encrypted string.
While this may not sound too particularly useful at first, it is.
There are programs that have been written to do the same thing on a
personal computer... you supply it a list of passwords and a list of
words to attempt to use as passwords (called dictionaries), and it
spends the night encrypting dictionaries and matching them to password
entries. By running a dictionary through a passwd file, on a typical
system, you can usually get 10-20 accounts. Good personal computer
examples of this program idea include Killer Cracker (the industry
standard, so to speak) and CrackerJack (faster than Killer Cracker).
Quick tips for CrackerJunkies with leech access at an H/P BBS:
A standard dictionary will not uncover passwords protected with an
appended digit or non-alphanumeric character. In order to get around
this, you need only grab a program that processes the dictionary file
to add that digit to each entry in the dictionary... although this
takes longer, and you'll need to do it multiple times, you can
typically get 10 more accounts just by adding a 1 to every entry.
Files and directories in Unix are characterized further by their
permissions. Permissions are a standard system of who gets access to a
specific function of that file or directory. Standard permissions
include read, write, and execute. You can get a list of permissions by
typing 'ls -l'. The first field in the listing contains the
permissions, grouped as follows:
owner group world
--------------------
rwx rwx rwx
(Not drawn to scale... in fact, it doesn't look anything like that).
Essentially, as long as the letter is there, you have access to that
facet of the file. If the letter is not there, you'll see a dash...
meaning you don't have access to that function. An example:
rwxr-x--x
In this case, the owner of the file can Read the file, Write to the
file, and eXecute the file; members of his group (a bunch of linked
accounts) can Read the file, CANNOT Write to the file, and can eXecute
the file; and the rest of the user population CANNOT Read or Write to
the file, but CAN eXecute the file.
rwx---rwx
is a WORLD-READABLE, WORLD-WRITABLE, WORLD-EXECUTABLE file. This
simply means that anyone can read, write, or execute the file.
Another permission sometimes set to a file is the SUID bit. An SUID
file contains a smallcase s in the user executable section of the
permissions list...
rws--x--x
When you execute an SUID file, your user ID becomes that of the owner
of the file. While this may not look to important at first, by now you
should know that no really important super elite hacker concept does.
Take a look at this:
rwsr-x--x
Synopsis? It's a world executable SUID file. In essence, anyone can
execute the file, and in doing so, become the owner of the file for
the duration of the time that file is operating. However, this doesn't
get you much, because you typically can't do anything while the
programis running. More likely than not, it's calculating how many
pencils it needs to order for school tomorrow or some other such
drivel.
The real power of the SUID file comes into play in this situation:
rwsrwxrwx
You won't see a lot of these, but when you do, look out. What you have
here is a world writable SUID file... and a world writable program can
be any program on the system you have read access to. Like, say,
/bin/sh... the Unix shell...
Quick command line example... 'diablo' is a root owned, world writable
SUID file. I'm going to ignore the rest of the output of the ls
command.
#ls -l
rwsrwxrwx... ...diablo
#cat /bin/sh > diablo
#diablo
$
Oh, just so you know, the $ prompt denotes root access.
Good deal, huh? In general, if you have right privs to an SUID file,
copy it to your own directory and cat /bin/sh into it. You now have an
instant gateway to the account of the owner of that file.
If you want to find files that you can do this with, try this out:
#find / -user root -perm -4000 -exec /bin/ls -al {} ";"
This will give you a list of all root owned SUID files. If you want
more info on the 'find' command, just 'man find'.
A Trick by : WWW.infintytricks.blogspot.com
A Basic Guide to the Internet
A Basic Guide to the Internet
The Internet is a computer network made up of thousands of networks worldwide. No one knows exactly how many computers are connected to the Internet. It is certain, however, that these number in the millions.
No one is in charge of the Internet. There are organizations which develop technical aspects of this network and set standards for creating applications on it, but no governing body is in control. The Internet backbone, through which Internet traffic flows, is owned by private companies.
All computers on the Internet communicate with one another using the Transmission Control Protocol/Internet Protocol suite, abbreviated to TCP/IP. Computers on the Internet use a client/server architecture. This means that the remote server machine provides files and services to the user's local client machine. Software can be installed on a client computer to take advantage of the latest access technology.
An Internet user has access to a wide variety of services: electronic mail, file transfer, vast information resources, interest group membership, interactive collaboration, multimedia displays, real-time broadcasting, shopping opportunities, breaking news, and much more.
The Internet consists primarily of a variety of access protocols. Many of these protocols feature programs that allow users to search for and retrieve material made available by the protocol.
--------------------------------------------------------------------------------
COMPONENTS OF THE INTERNET
--------------------------------------------------------------------------------
WORLD WIDE WEB
The World Wide Web (abbreviated as the Web or WWW) is a system of Internet servers that supports hypertext to access several Internet protocols on a single interface. Almost every protocol type available on the Internet is accessible on the Web. This includes e-mail, FTP, Telnet, and Usenet News. In addition to these, the World Wide Web has its own protocol: HyperText Transfer Protocol, or HTTP. These protocols will be explained later in this document.
The World Wide Web provides a single interface for accessing all these protocols. This creates a convenient and user-friendly environment. It is no longer necessary to be conversant in these protocols within separate, command-level environments. The Web gathers together these protocols into a single system. Because of this feature, and because of the Web's ability to work with multimedia and advanced programming languages, the Web is the fastest-growing component of the Internet.
The operation of the Web relies primarily on hypertext as its means of information retrieval. HyperText is a document containing words that connect to other documents. These words are called links and are selectable by the user. A single hypertext document can contain links to many documents. In the context of the Web, words or graphics may serve as links to other documents, images, video, and sound. Links may or may not follow a logical path, as each connection is programmed by the creator of the source document. Overall, the Web contains a complex virtual web of connections among a vast number of documents, graphics, videos, and sounds.
Producing hypertext for the Web is accomplished by creating documents with a language called HyperText Markup Language, or HTML. With HTML, tags are placed within the text to accomplish document formatting, visual features such as font size, italics and bold, and the creation of hypertext links. Graphics and multimedia may also be incorporated into an HTML document. HTML is an evolving language, with new tags being added as each upgrade of the language is developed and released. The World Wide Web Consortium (W3C), led by Web founder Tim Berners-Lee, coordinates the efforts of standardizing HTML. The W3C now calls the language XHTML and considers it to be an application of the XML language standard.
The World Wide Web consists of files, called pages or home pages, containing links to documents and resources throughout the Internet.
The Web provides a vast array of experiences including multimedia presentations, real-time collaboration, interactive pages, radio and television broadcasts, and the automatic "push" of information to a client computer. Programming languages such as Java, JavaScript, Visual Basic, Cold Fusion and XML are extending the capabilities of the Web. A growing amount of information on the Web is served dynamically from content stored in databases. The Web is therefore not a fixed entity, but one that is in a constant state of development and flux.
For more complete information about the World Wide Web, see Understanding The World Wide Web.
E-MAIL
Electronic mail, or e-mail, allows computer users locally and worldwide to exchange messages. Each user of e-mail has a mailbox address to which messages are sent. Messages sent through e-mail can arrive within a matter of seconds.
A powerful aspect of e-mail is the option to send electronic files to a person's e-mail address. Non-ASCII files, known as binary files, may be attached to e-mail messages. These files are referred to as MIME attachments.MIME stands for Multimedia Internet Mail Extension, and was developed to help e-mail software handle a variety of file types. For example, a document created in Microsoft Word can be attached to an e-mail message and retrieved by the recipient with the appropriate e-mail program. Many e-mail programs, including Eudora, Netscape Messenger, and Microsoft Outlook, offer the ability to read files written in HTML, which is itself a MIME type.
TELNET
Telnet is a program that allows you to log into computers on the Internet and use online databases, library catalogs, chat services, and more. There are no graphics in Telnet sessions, just text. To Telnet to a computer, you must know its address. This can consist of words (locis.loc.gov) or numbers (140.147.254.3). Some services require you to connect to a specific port on the remote computer. In this case, type the port number after the Internet address. Example: telnet nri.reston.va.us 185.
Telnet is available on the World Wide Web. Probably the most common Web-based resources available through Telnet have been library catalogs, though most catalogs have since migrated to the Web. A link to a Telnet resource may look like any other link, but it will launch a Telnet session to make the connection. A Telnet program must be installed on your local computer and configured to your Web browser in order to work.
With the increasing popularity of the Web, Telnet has become less frequently used as a means of access to information on the Internet.
FTP
FTP stands for File Transfer Protocol. This is both a program and the method used to transfer files between computers. Anonymous FTP is an option that allows users to transfer files from thousands of host computers on the Internet to their personal computer account. FTP sites contain books, articles, software, games, images, sounds, multimedia, course work, data sets, and more.
If your computer is directly connected to the Internet via an Ethernet cable, you can use one of several PC software programs, such as WS_FTP for Windows, to conduct a file transfer.
FTP transfers can be performed on the World Wide Web without the need for special software. In this case, the Web browser will suffice. Whenever you download software from a Web site to your local machine, you are using FTP. You can also retrieve FTP files via search engines such as FtpFind, located at /http://www.ftpfind.com/. This option is easiest because you do not need to know FTP program commands.
E-MAIL DISCUSSION GROUPS
One of the benefits of the Internet is the opportunity it offers to people worldwide to communicate via e-mail. The Internet is home to a large community of individuals who carry out active discussions organized around topic-oriented forums distributed by e-mail. These are administered by software programs. Probably the most common program is the listserv.
A great variety of topics are covered by listservs, many of them academic in nature. When you subscribe to a listserv, messages from other subscribers are automatically sent to your electronic mailbox. You subscribe to a listserv by sending an e-mail message to a computer program called a listserver. Listservers are located on computer networks throughout the world. This program handles subscription information and distributes messages to and from subscribers. You must have a e-mail account to participate in a listserv discussion group. Visit Tile.net at /http://tile.net/ to see an example of a site that offers a searchablecollection of e-mail discussion groups.
Majordomo and Listproc are two other programs that administer e-mail discussion groups. The commands for subscribing to and managing your list memberships are similar to those of listserv.
USENET NEWS
Usenet News is a global electronic bulletin board system in which millions of computer users exchange information on a vast range of topics. The major difference between Usenet News and e-mail discussion groups is the fact that Usenet messages are stored on central computers, and users must connect to these computers to read or download the messages posted to these groups. This is distinct from e-mail distribution, in which messages arrive in the electronic mailboxes of each list member.
Usenet itself is a set of machines that exchanges messages, or articles, from Usenet discussion forums, called newsgroups. Usenet administrators control their own sites, and decide which (if any) newsgroups to sponsor and which remote newsgroups to allow into the system.
There are thousands of Usenet newsgroups in existence. While many are academic in nature, numerous newsgroups are organized around recreational topics. Much serious computer-related work takes place in Usenet discussions. A small number of e-mail discussion groups also exist as Usenet newsgroups.
The Usenet newsfeed can be read by a variety of newsreader software programs. For example, the Netscape suite comes with a newsreader program called Messenger. Newsreaders are also available as standalone products.
FAQ, RFC, FYI
FAQ stands for Frequently Asked Questions. These are periodic postings to Usenet newsgroups that contain a wealth of information related to the topic of the newsgroup. Many FAQs are quite extensive. FAQs are available by subscribing to individual Usenet newsgroups. A Web-based collection of FAQ resources has been collected by The Internet FAQ Consortium and is available at /http://www.faqs.org/.
RFC stands for Request for Comments. These are documents created by and distributed to the Internet community to help define the nuts and bolts of the Internet. They contain both technical specifications and general information.
FYI stands for For Your Information. These notes are a subset of RFCs and contain information of interest to new Internet users.
Links to indexes of all three of these information resources are available on the University Libraries Web site at /http://library.albany.edu/reference/faqs.html.
CHAT & INSTANT MESSENGING
Chat programs allow users on the Internet to communicate with each other by typing in real time. They are sometimes included as a feature of a Web site, where users can log into the "chat room" to exchange comments and information about the topics addressed on the site. Chat may take other, more wide-ranging forms. For example, America Online is well known for sponsoring a number of topical chat rooms.
Internet Relay Chat (IRC) is a service through which participants can communicate to each other on hundreds of channels. These channels are usually based on specific topics. While many topics are frivolous, substantive conversations are also taking place. To access IRC, you must use an IRC software program.
A variation of chat is the phenomenon of instant messenging. With instant messenging, a user on the Web can contact another user currently logged in and type a conversation. Most famous is America Online's Instant Messenger. ICQ, MSN and Yahoo are other commonly-used chat programs.
Other types of real-time communication are addressed in the tutorial Understanding the World Wide Web.
MUD/MUSH/MOO/MUCK/DUM/MUSE
MUD stands for Multi User Dimension. MUDs, and their variations listed above, are multi-user virtual reality games based on simulated worlds. Traditionally text based, graphical MUDs now exist. There are MUDs of all kinds on the Internet, and many can be joined free of charge. For more information, read one of the FAQs devoted to MUDs available at the FAQ site at
A Trick by : WWW.infintytricks.blogspot.com
250+ Tech books online
250+ Tech books online
1
10 minute guide to lotus notes mail 4.5
http://www.parsian.net/set1252/pages/books.htm
2
10 minute guide to Microsoft exchange 5.0
http://www.parsian.net/set1252/pages/books.htm
3
10 minute guide to outlook 97
http://www.parsian.net/set1252/pages/books.htm
4
10 minute guide to schedule+ for windows 95
http://www.parsian.net/set1252/pages/books.htm
5
ActiveX programming unleashed
http://www.parsian.net/set1252/pages/books.htm
6
ActiveX programming unleashed
http://www.emu.edu.tr/english/facilitiesservices/computercenter/bookslib/
7
Advanced perl programming
http://www.hk8.org/old_web/
8
Advanced PL/SQL programming with packages
http://www.hk8.org/old_web/
9
Adventure in Prolog/AMZI
www.oopweb.com
10
Algorithms CMSC251/Mount, David
www.oopweb.com
11
Alison Balter's Mastering Access 95 development, premier ed.
http://www.emu.edu.tr/english/facilitiesservices/computercenter/bookslib/
12
Apache : The definitive guide, 3rd.ed.
http://www.hk8.org/old_web/
13
Beej's guide to network programming/Hall, Brain
www.oopweb.com
14
Beyond Linux from Scratch/BLFS Development Team
http://book.onairweb.net/computer/os/linux/Administration/Beyond_Linux_From_Scratch/
15
Borland C++ builder unleashed
http://www.parsian.net/set1252/pages/books.htm
16
Building an intranet with windows NT 4
http://www.parsian.net/set1252/pages/books.htm
17
Building an Intranet with Windows NT 4
http://www.emu.edu.tr/english/facilitiesservices/computercenter/bookslib/
18
Building expert systems in prolog/AMZI
www.oopweb.com
19
C programming language
http://book.onairweb.net/computer/pl/C/The_C_Programming_Language_by_K&R/
20
C Programming/Holmes, Steven
www.oopweb.com
21
C++ Annotations
www.oopweb.com
22
CGI developer's guide
http://www.emu.edu.tr/english/facilitiesservices/computercenter/bookslib/
23
CGI manual of style
http://www.parsian.net/set1252/pages/books.htm
24
CGI manual of style online
http://www.emu.edu.tr/english/facilitiesservices/computercenter/bookslib/
25
CGI programming
http://www.hk8.org/old_web/
26
CGI programming unleashed
http://www.parsian.net/set1252/pages/books.htm
27
CGI programming with Perl, 2nd.ed.
http://www.hk8.org/old_web/
28
Charlie Calvert's Borland C++ builder unleashed
http://www.emu.edu.tr/english/facilitiesservices/computercenter/bookslib/
29
Client/server computing, 2nd.ed.
http://www.parsian.net/set1252/pages/books.htm
30
Client-server computing, 2nd.ed.
http://www.emu.edu.tr/english/facilitiesservices/computercenter/bookslib/
31
Common LISP, the language/Steele, Guy
www.oopweb.com
32
Compilers and compiler generators : an introduction with C++/Terry, P.D.
www.oopweb.com
33
Complete idiot's guide to creating HTML webpage
http://www.parsian.net/set1252/pages/books.htm
34
Computer graphics CMSC 427/Mount, David
www.oopweb.com
35
Configuring and troubleshooting the windows NT/95 registry
http://www.parsian.net/set1252/pages/books.htm
36
Creating commercial websites
http://www.emu.edu.tr/english/facilitiesservices/computercenter/bookslib/
37
Creating web applets with Java
http://www.emu.edu.tr/english/facilitiesservices/computercenter/bookslib/
38
Crystal Reports.NET
http://www.crystalreportsbook.com/Chapters.asp
39
Curious about the internet
http://www.emu.edu.tr/english/facilitiesservices/computercenter/bookslib/
40
Curious about the internet?
http://www.parsian.net/set1252/pages/books.htm
41
Dan appleman's developing activeX components with Visual Basic 5
http://www.emu.edu.tr/english/facilitiesservices/computercenter/bookslib/
42
Dan appleman's developing activex components with Visual Basic 5.0
http://www.parsian.net/set1252/pages/books.htm
43
Data structures CMSC420/Mount, David
www.oopweb.com
44
Database developer's guide with visual basic 4, 2nd.ed.
http://www.parsian.net/set1252/pages/books.htm
45
Database developer's guide with Visual Basic 4, 2nd.ed.
http://www.emu.edu.tr/english/facilitiesservices/computercenter/bookslib/
46
Database developer's guide with Visual C++ 4, 2nd.ed.
http://www.parsian.net/set1252/pages/books.htm
47
Database developer's guide with Visual C++ 4, 2nd.ed.
http://www.emu.edu.tr/english/facilitiesservices/computercenter/bookslib/
48
Design and analysis of computer algorithms CMSC451/Mount, David
www.oopweb.com
49
Designing implementing Microsoft internet information server
http://www.emu.edu.tr/english/facilitiesservices/computercenter/bookslib/
50
Designing implementing Microsoft proxy server
http://www.emu.edu.tr/english/facilitiesservices/computercenter/bookslib/
51
Developing for netscape one
http://www.parsian.net/set1252/pages/books.htm
52
Developing intranet applications with java
http://www.parsian.net/set1252/pages/books.htm
53
Developing personal oracle 7 for windows 95 applications
http://www.parsian.net/set1252/pages/books.htm
54
Developing personal Oracle 7 for windows 95 applications
http://www.emu.edu.tr/english/facilitiesservices/computercenter/bookslib/
55
Developing professional java applets
http://www.parsian.net/set1252/pages/books.htm
56
Developing professional java applets
http://www.emu.edu.tr/english/facilitiesservices/computercenter/bookslib/
57
DNS and BIND
http://www.hk8.org/old_web/
58
Doing objects with VB.NET and C#
http://vbwire.com/nl?6814
59
EAI/BPM Evaluation Series: IBM WebSphere MQ Workflow v3.3.2 & EAI Suite by
> Middleware Technology Evaluation Series, Phong Tran & Jeffrey Gosper
http://www.cmis.csiro.au/mte/reports/BPM_IBMwebsphereMQ332.htm
60
Effective AWK programming
http://book.onairweb.net/computer/os/shell/Effective_AWK_Programming/
61
Enterprise javabeans, 2nd.ed.
http://www.hk8.org/old_web/
62
Exploring java
http://www.hk8.org/old_web/
63
GNOME/Sheets, John
www.oopweb.com
64
Graph theory/Prof. Even
www.oopweb.com
65
Hacking java
http://www.parsian.net/set1252/pages/books.htm
66
How intranets work
http://www.parsian.net/set1252/pages/books.htm
67
How intranets work
http://www.emu.edu.tr/english/facilitiesservices/computercenter/bookslib/
68
How to program visual basic 5.0
http://www.parsian.net/set1252/pages/books.htm
69
How to use HTML 3.2
http://www.parsian.net/set1252/pages/books.htm
70
Html : The definitive guide
http://www.hk8.org/old_web/
71
HTML 3.2 & CGI unleashed
http://www.parsian.net/set1252/pages/books.htm
72
HTML 3.2 and CGI professional reference edition unleashed
http://www.emu.edu.tr/english/facilitiesservices/computercenter/bookslib/
73
HTML by example
http://www.emu.edu.tr/english/facilitiesservices/computercenter/bookslib/
74
Internet firewall
http://www.hk8.org/old_web/
75
Intranets unleashed
http://www.parsian.net/set1252/pages/books.htm
76
Introduction to object-oriented programming using C++/Muller, Peter
www.oopweb.com
77
Introduction to programming using Java/Eck, David
www.oopweb.com
78
Introduction to socket programming
http://book.onairweb.net/computer/network/An_Introduction_to_Socket_Programming/
79
Java 1.1 unleashed
http://www.emu.edu.tr/english/facilitiesservices/computercenter/bookslib/
80
Java 1.1 unleashed, 2nd.ed.
http://www.parsian.net/set1252/pages/books.htm
81
Java 1.1 unleashed, 3rd.ed.
http://www.parsian.net/set1252/pages/books.htm
82
Java 114 documentation
http://www.emu.edu.tr/english/facilitiesservices/computercenter/bookslib/
83
Java AWT reference
http://www.hk8.org/old_web/
84
Java by example
http://www.emu.edu.tr/english/facilitiesservices/computercenter/bookslib/
85
Java developer's guide
http://www.parsian.net/set1252/pages/books.htm
86
Java developer's guide
http://www.emu.edu.tr/english/facilitiesservices/computercenter/bookslib/
87
Java developer's reference
http://www.parsian.net/set1252/pages/books.htm
88
Java developer's reference
http://www.emu.edu.tr/english/facilitiesservices/computercenter/bookslib/
89
Java Distributed computing
http://www.hk8.org/old_web/
90
Java enterprise
http://www.hk8.org/old_web/
91
Java enterprise in a nutshell
http://www.hk8.org/old_web/
92
Java foundation classes in a nutshell
http://www.hk8.org/old_web/
93
Java fundamental classes reference
http://www.hk8.org/old_web/
94
Java in a nutshell
http://www.hk8.org/old_web/
95
Java in a nutshell, 3rd.ed.
http://www.hk8.org/old_web/
96
Java language reference
http://www.hk8.org/old_web/
97
Java security
http://www.hk8.org/old_web/
98
Java servlet programming
http://www.hk8.org/old_web/
99
Java unleashed
http://www.parsian.net/set1252/pages/books.htm
100
Java unleashed
http://www.emu.edu.tr/english/facilitiesservices/computercenter/bookslib/
101
Java, 2nd.ed.
http://www.emu.edu.tr/english/facilitiesservices/computercenter/bookslib/
102
_JavaScript : the definitive guide
http://www.hk8.org/old_web/
103
_Javascript manual of style
http://www.parsian.net/set1252/pages/books.htm
104
_Javascript manual of style
http://www.emu.edu.tr/english/facilitiesservices/computercenter/bookslib/
105
Josh's GNU Linux Guide/Joshua
http://book.onairweb.net/computer/os/linux/Administration/Josh's_GNU_Linux_Guide/
106
Late night activex
http://www.parsian.net/set1252/pages/books.htm
107
Late night activeX
http://www.emu.edu.tr/english/facilitiesservices/computercenter/bookslib/
108
Laura lemay's 3D graphics in and VRML 2
http://www.parsian.net/set1252/pages/books.htm
109
Laura lemay's activex and _VBScript
http://www.parsian.net/set1252/pages/books.htm
110
Laura lemay's graphics and web page design
http://www.parsian.net/set1252/pages/books.htm
111
Laura lemay's guide to sizzling websites design
http://www.parsian.net/set1252/pages/books.htm
112
Laura lemay's _javascript 1.1
http://www.parsian.net/set1252/pages/books.htm
113
Laura lemay's web workshop activex and _VBScript
http://www.emu.edu.tr/english/facilitiesservices/computercenter/bookslib/
114
Laura lemay's web workshop Graphics web page design
http://www.emu.edu.tr/english/facilitiesservices/computercenter/bookslib/
115
Laura lemay's web workshop _javascript
http://www.emu.edu.tr/english/facilitiesservices/computercenter/bookslib/
116
Learning perl
http://www.hk8.org/old_web/
117
Learning perl on win32
http://www.hk8.org/old_web/
118
Learning the kornshell
http://www.hk8.org/old_web/
119
Learning unix
http://www.hk8.org/old_web/
120
Learning vi
http://www.hk8.org/old_web/
121
Linux from Scratch/Beekmans, Gerard
http://book.onairweb.net/computer/os/linux/Administration/Linux_From_Scratch/
122
Linux in a nutshell, 3rd.ed.
http://www.hk8.org/old_web/
123
Linux kernel/Rusling, David
www.oopweb.com
124
Linux network administrator's guide/Dawson, Terry
www.oopweb.com
125
Linux system administrator's survival guide
http://www.emu.edu.tr/english/facilitiesservices/computercenter/bookslib/
126
MAPI, SAPI and TAPI developer's guide
http://www.parsian.net/set1252/pages/books.htm
127
Mastering access 95 development
http://www.parsian.net/set1252/pages/books.htm
128
Microsoft access 97 quick reference
http://www.parsian.net/set1252/pages/books.htm
129
Microsoft access 97 quick reference
http://www.emu.edu.tr/english/facilitiesservices/computercenter/bookslib/
130
Microsoft backoffice 2 unleashed
http://www.parsian.net/set1252/pages/books.htm
131
Microsoft excel 97 quick reference
http://www.parsian.net/set1252/pages/books.htm
132
Microsoft excel 97 quick reference
http://www.emu.edu.tr/english/facilitiesservices/computercenter/bookslib/
133
Microsoft exchange server survival guide
http://www.emu.edu.tr/english/facilitiesservices/computercenter/bookslib/
134
Microsoft frontpage unleashed
http://www.emu.edu.tr/english/facilitiesservices/computercenter/bookslib/
135
Microsoft word 97 quick reference
http://www.parsian.net/set1252/pages/books.htm
136
Microsoft word 97 quick reference
http://www.emu.edu.tr/english/facilitiesservices/computercenter/bookslib/
137
Microsoft works 4.5 6-In-1
http://www.emu.edu.tr/english/facilitiesservices/computercenter/bookslib/
138
More than 100 full-text e-books
http://www.allfreetech.com/EBookCategory.asp
139
Ms backoffice administrator's survival guide
http://www.emu.edu.tr/english/facilitiesservices/computercenter/bookslib/
140
Ms backoffice unleashed
http://www.emu.edu.tr/english/facilitiesservices/computercenter/bookslib/
141
Mysql and msql
http://www.hk8.org/old_web/
142
Netscape plug-ins developer's kit
http://www.parsian.net/set1252/pages/books.htm
143
Official gamelan java directory
http://www.parsian.net/set1252/pages/books.htm
144
Oracle built-in packages
http://www.hk8.org/old_web/
145
Oracle PL/SQL built-in pocket reference
http://www.hk8.org/old_web/
146
Oracle PL/SQL language pocket reference
http://www.hk8.org/old_web/
147
Oracle PL/SQL programming guide to Oracle 8 features
http://www.hk8.org/old_web/
148
Oracle PL/SQL programming, 2nd.ed.
http://www.hk8.org/old_web/
149
Oracle unleashed
http://www.parsian.net/set1252/pages/books.htm
150
Oracle unleashed
http://www.emu.edu.tr/english/facilitiesservices/computercenter/bookslib/
151
Oracle web applications PL/SQL developer's introduction
http://www.hk8.org/old_web/
152
Patterns of enterprise application architecture/Fowler, Martin
http://www.awprofessional.com/catalog/product.asp?product_id={574D77DF-6ED2-BC5-A6A8-02E59CA7482D}
153
PC week : the intranet advantage
http://www.parsian.net/set1252/pages/books.htm
154
Perl 5 by example
http://www.emu.edu.tr/english/facilitiesservices/computercenter/bookslib/
155
Perl 5 quick reference
http://www.parsian.net/set1252/pages/books.htm
156
Perl 5 unleashed
http://www.parsian.net/set1252/pages/books.htm
157
Perl 5.0 CGI web pages
http://www.parsian.net/set1252/pages/books.htm
158
Perl cookbook
http://www.hk8.org/old_web/
159
Perl for system administration
http://www.hk8.org/old_web/
160
Perl in a nutshell
http://www.hk8.org/old_web/
161
Perl quick reference
http://www.emu.edu.tr/english/facilitiesservices/computercenter/bookslib/
162
Peter norton's complete guide to windows NT 4 workstations
http://www.emu.edu.tr/english/facilitiesservices/computercenter/bookslib/
163
Presenting activex
http://www.parsian.net/set1252/pages/books.htm
164
Presenting activex
http://www.emu.edu.tr/english/facilitiesservices/computercenter/bookslib/
165
Presenting javabeans
http://www.parsian.net/set1252/pages/books.htm
166
Presenting javabeans
http://www.emu.edu.tr/english/facilitiesservices/computercenter/bookslib/
167
Programming perl
http://www.hk8.org/old_web/
168
Programming perl, 3rd.ed.
http://www.hk8.org/old_web/
169
Programming the Perl DBI
http://www.hk8.org/old_web/
170
Red hat linux unleashed
http://www.parsian.net/set1252/pages/books.htm
171
Running a perfect intranet
http://www.parsian.net/set1252/pages/books.htm
172
Running Linux, 3rd.ed.
http://www.hk8.org/old_web/
173
Sams teach yourself java 1.1 in 24 hours/
http://book.onairweb.net/computer/sams/Sams_Teach_Yourself_Java_1.1_Programming_in_24_Hours
174
Sams Teach yourself java in 21 days/Lemay, Laura
http://book.onairweb.net/computer/sams/Sams_Teach_Yourself_Java_in_21_Days/
175
Sams teach yourself linux in 24 hours/Ball, Bill
http://book.onairweb.net/computer/sams/Sams_Teach_Yourself_Linux_in_24%20Hours/
176
Sams teach yourself shell programming in 24 hours
http://book.onairweb.net/computer/sams/Sams_Teach_Yourself_Shell_Programming_in_24_Hours/
177
Sams teach yourself TCP/IP in 14 days
http://book.onairweb.net/computer/sams/Sams_Teach_Yourself_TCP-IP_in_14_Days(SE)/
178
Sed and awk
http://www.hk8.org/old_web/
179
Sendmail
http://www.hk8.org/old_web/
180
Sendmail desktop reference
http://www.hk8.org/old_web/
181
Slackware linux unleashed
http://www.emu.edu.tr/english/facilitiesservices/computercenter/bookslib/
182
Special edition using java, 2nd.ed.
http://www.emu.edu.tr/english/facilitiesservices/computercenter/bookslib/
183
Special edition using _javascript
http://www.parsian.net/set1252/pages/books.htm
184
Special edition using _javascript
http://www.emu.edu.tr/english/facilitiesservices/computercenter/bookslib/
185
Special edition using _Jscript
http://www.parsian.net/set1252/pages/books.htm
186
Special edition using lotus notes and domino 4.5
http://www.emu.edu.tr/english/facilitiesservices/computercenter/bookslib/
187
Special edition using Microsoft SQL server 6.5, 2nd.ed.
http://www.emu.edu.tr/english/facilitiesservices/computercenter/bookslib/
188
Special edition using Microsoft visual Interdev
http://www.emu.edu.tr/english/facilitiesservices/computercenter/bookslib/
189
Special edition using perl 5 for web programming
http://www.parsian.net/set1252/pages/books.htm
190
Special edition using perl for web programming
http://www.emu.edu.tr/english/facilitiesservices/computercenter/bookslib/
191
Special edition using Visual Basic 4
http://www.parsian.net/set1252/pages/books.htm
192
TCP/IP
http://www.hk8.org/old_web/
193
Teach yourself activex programming in 21 days
http://www.parsian.net/set1252/pages/books.htm
194
Teach yourself C++ in 21 days
http://www.parsian.net/set1252/pages/books.htm
195
Teach yourself C++ in 21 days
http://www.emu.edu.tr/english/facilitiesservices/computercenter/bookslib/
196
Teach yourself CGI programming with Perl 5 in a week
http://www.parsian.net/set1252/pages/books.htm
197
Teach yourself database programming with VB5 in 21 days, 2nd.ed.
http://www.emu.edu.tr/english/facilitiesservices/computercenter/bookslib/
198
Teach yourself database programming with visual basic 5 in 21 days
http://www.parsian.net/set1252/pages/books.htm
199
Teach yourself HTML 3.2 in 24 hours
http://www.parsian.net/set1252/pages/books.htm
200
Teach yourself HTML 3.2 in 24 hours
http://www.emu.edu.tr/english/facilitiesservices/computercenter/bookslib/
201
Teach yourself internet game programming with java in 21 days
http://www.parsian.net/set1252/pages/books.htm
202
Teach yourself java 1.1 programming in 24 hours
http://www.parsian.net/set1252/pages/books.htm
203
Teach yourself jave in café in 21 days
http://www.parsian.net/set1252/pages/books.tm
204
Teach yourself Microsoft visual Interdev in 21 days
http://www.parsian.net/set1252/pages/books.htm
205
Teach yourself Microsoft visual Interdev in 21 days
http://www.emu.edu.tr/english/facilitiesservices/computercenter/bookslib/
206
Teach yourself oracle 8 in 21 days
http://www.emu.edu.tr/english/facilitiesservices/computercenter/bookslib/
207
Teach yourself perl 5 in 21 days
http://www.parsian.net/set1252/pages/books.htm
208
Teach yourself perl 5 in 21 days, 2nd.ed.
http://www.emu.edu.tr/english/facilitiesservices/computercenter/bookslib/
209
Teach yourself SQL in 21 days
http://www.parsian.net/set1252/pages/books.htm
210
Teach yourself SQL in 21 days, 2nd.ed.
http://www.emu.edu.tr/english/facilitiesservices/computercenter/bookslib/
211
Teach yourself TCP/IP in 14 days
http://www.parsian.net/set1252/pages/books.htm
212
Teach yourself TCP/IP in 14 days, 2nd.ed.
http://www.emu.edu.tr/english/facilitiesservices/computercenter/bookslib/
213
Teach yourself the Internet in 24 hours
http://www.parsian.net/set1252/pages/books.htm
214
Teach yourself the internet in 24 hours
http://www.emu.edu.tr/english/facilitiesservices/computercenter/bookslib/
215
Teach yourself _VBScript in 21 days
http://www.parsian.net/set1252/pages/books.htm
216
Teach yourself _VBScript in 21 days
http://www.emu.edu.tr/english/facilitiesservices/computercenter/bookslib/
217
Teach yourself visual basic 5 in 24 hours
http://www.parsian.net/set1252/pages/books.htm
218
Teach yourself Visual Basic 5 in 24 hours
http://www.emu.edu.tr/english/facilitiesservices/computercenter/bookslib/
219
Teach yourself Visual J++ in 21 days
http://www.emu.edu.tr/english/facilitiesservices/computercenter/bookslib/
220
Teach yourself web publishing with HTML 3.2 in 14 days
http://www.parsian.net/set1252/pages/books.htm
221
Teach yourself web publishing with HTML in 14 days
http://www.emu.edu.tr/english/facilitiesservices/computercenter/bookslib/
222
Thinking in C++
http://www.mindview.net/Books
223
Thinking in C++/Eckel, Bruce - Vol.I, 2nd.ed.
www.oopweb.com
224
Thinking in C++/Eckel, Bruce - Vol.II, 2nd.ed.
www.oopweb.com
225
Thinking in Enterprise Java
http://www.mindview.net/Books
226
Thinking in Java, 2nd.ed.
www.oopweb.com
227
Thinking in Java, 3rd.ed. (pdf)
http://www.mindview.net/Books
228
Tricks of the internet gurus
http://www.parsian.net/set1252/pages/books.htm
229
Tricks of the java programming gurus
http://www.parsian.net/set1252/pages/books.htm
230
Unix and internet security
http://www.hk8.org/old_web/
231
Unix hints and hacks/Waingrow, Kirk
http://book.onairweb.net/computer/os/unix/Administration/UNIX_Hints_&_Hacks/19270001..htm
232
Unix in a nutshell
http://www.hk8.org/old_web/
233
Unix kornshell quick reference
http://book.onairweb.net/computer/os/shell/Unix_KornShell_Quick_Reference/kornShell.html
234
Unix power tools
http://www.hk8.org/old_web/
235
Unix shell guide
http://book.onairweb.net/computer/os/shell/The_UNIX_Shell_Guide/
236
Unix unleashed
http://www.parsian.net/set1252/pages/books.htm
237
Unix unleashed
http://www.emu.edu.tr/english/facilitiesservices/computercenter/bookslib/
238
Unix unleashed Internet Ed./Burk, Robin
http://book.onairweb.net/computer/os/unix/Administration/UNIX_Unleashed(Internet_Edition)/fm.htm
239
Unix unleashed, System administrator's Edition
http://book.onairweb.net/computer/os/unix/Administration/UNIX_Unleashed_System_Administrator's_Edition/toc.htm
240
Unix Unleashed/Sams Publication
http://book.onairweb.net/computer/os/unix/Administration/UNIX_Unleashed/
241
Upgrading PCs illustrated
http://www.emu.edu.tr/english/facilitiesservices/computercenter/bookslib/
242
Using windows NT workstation 4.0
http://www.parsian.net/set1252/pages/books.htm
243
_VBScript unleashed
http://www.parsian.net/set1252/pages/books.htm
244
_Vbscript unleashed
http://www.emu.edu.tr/english/facilitiesservices/computercenter/bookslib/
245
Visual basic 4 in 12 easy lessons
http://www.parsian.net/set1252/pages/books.htm
246
Visual basic 4 unleashed
http://www.parsian.net/set1252/pages/books.htm
247
Visual Basic 5 night school
http://www.emu.edu.tr/english/facilitiesservices/computercenter/bookslib/
248
Visual basic programming in 12 easy lessons
http://www.parsian.net/set1252/pages/books.htm
249
Visual Basic programming in 12 easy lessons
http://www.emu.edu.tr/english/facilitiesservices/computercenter/bookslib/
250
Visual C++ 4 unleashed
http://www.parsian.net/set1252/pages/books.htm
251
Visual C++ programming in 12 easy lessons
http://www.parsian.net/set1252/pages/books.htm
252
Web database developer's guide with visual basic 5
http://www.parsian.net/set1252/pages/books.htm
253
Web database developer's guide with visual basic 5
http://www.emu.edu.tr/english/facilitiesservices/computercenter/bookslib/
254
Web programming desktop reference 6-in-1
http://www.parsian.net/set1252/pages/books.htm
A Trick by : WWW.infintytriks.blogspot.com
Visitors counter
