Open source software security

Madirish Tutorial 06

If you want to have any sort of distinguished career as a hacker you're eventually going to have to learn about Unix. While it's true that NT/2000 is quickly becoming a legitimate player in the server market, Unix remains the heart and soul of the internet. Without understanding Unix you're not going to get very far as a hacker.

Unix is an old (developed in the 70s) operating system. As such it's really well documented. I would recommend reading a book or two on Unix to really get a handle on the operating system, or better yet installing Linux to get a first-hand look at a Unix-type system (Linux isn't Unix, but it operates in much the same way).

Unix systems run most of the servers on the internet. You're going to run into a Unix or *nix (used to refer to any Unix or Linux system or clone) system pretty fast if you stay online long enough. You may already have used a *nix server without knowing it. Unix operation is a field all its own, and a complete understanding takes a long time. If you've never used MS-DOS you're going to have a long way to go.

Unix is mostly command line, so being familiar with command line operations is essential to operating on a Unix system. There are no pretty point and click GUIs for most operations. You can't simply look at a desktop and move stuff around with a mouse. While at first this may seem like a huge hindrance, it's actually not. Operating at the command line allows you finely tuned control of almost every aspect of your system. Unix is also nice because it doesn't hide anything from the curious user. Especially if you're on Linux, you can view and change pretty much everything on the computer, from the operating system to security controls.

This allows not only complete control of the computer and its functions, but also allows for easy remote administration. Administering most Unix servers is as simple as telnetting in to the system and issuing commands at the command line. These remote administration capabilities are why Unix is such a treasure trove for hackers. Most cracking is, after all, just remote administration.

Basic Unix commands are pretty easy to learn but here's a short synopsis of the ones you'll most likely need to know:

cd - this is the command to change directories. To move up one directory simply type 'cd ..'. To move into a directory below your current one, type cd and the name of the directory ('cd tmp' for example). You can use cd to move several directories at once. 'cd ../home/html/httpd' will move you up one directory, into the home subdirectory, into the html directory in the home directory, and finally into the httpd directory of the html directory. To return to your home directory at any time type 'cd ~' (or plain 'cd' with no argument); 'cd /' takes you to the root of the filesystem instead. Every user is assigned a home directory on a Unix system and you'll likely start there as soon as you get shell access.

ls - like 'dir' in a DOS environment, this command lists a directory's contents. Use 'ls -l' to see file permissions on the contents of a directory.

mkdir - this allows you to make a directory as a subdirectory of the current directory you're in. 'mkdir hello' makes a directory named hello.

touch - this command updates a timestamp on a file or directory that indicates when the file or directory was last used. touch also creates files if the filename doesn't already exist in the directory. 'touch hello.txt' will create the file hello.txt in the current working directory if such a file doesn't already exist.

rmdir - this command deletes directories. 'rmdir hello' would delete the hello directory, as long as it is empty.

rm - this is the delete command. 'rm hello.txt' will delete hello.txt from your current working directory.

chmod - this command changes permissions of a file or directory. You'll need to understand the concept of users, groups, and permissions before you use this one (more to come).

pico - pico is a text editor (you may use emacs, vi, or joe in place of pico). If you want to view the contents of a file (hello.txt for example) simply type 'pico hello.txt' and the pico editor will start up and show you hello.txt's contents. Be careful with any editor as you can change the file you are viewing by saving the buffer when you exit.

pine - this command will start pine, one of the simplest text based e-mail programs out there. Pine operates full screen and will show you possible commands on-screen. You navigate pine menus using the arrow keys and enter. Elm is another common text based e-mail client, invoked by typing 'elm'.
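
The file and directory commands above chained into one session, as an added example that is not part of the original tutorial. It works only inside a throwaway directory created with mktemp, and the function names mode_of and walkthrough are made up for illustration. It shows what the 'ls -l' permission string looks like before and after a chmod, and that rmdir refuses a directory that still has files in it.

```shell
#!/bin/sh
# Added walkthrough, not from the original tutorial. Everything happens in a
# scratch directory made with mktemp, so nothing outside it is touched.

# Print only the permission string (first 10 characters of 'ls -l') for a path.
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# The body runs in a subshell ( ... ) so the cd calls do not move the caller.
walkthrough() (
    scratch=$(mktemp -d) || exit 1
    cd "$scratch" || exit 1

    mkdir hello                  # make a subdirectory of the current directory
    cd hello || exit 1           # move down into it
    touch hello.txt              # the file does not exist yet, so touch creates it
    chmod 644 hello.txt          # owner read/write, group and others read-only
    before=$(mode_of hello.txt)

    chmod 600 hello.txt          # tighten: only the owner may read or write
    after=$(mode_of hello.txt)

    cd ..                        # back up one level
    # rmdir only removes empty directories, so this first attempt is refused
    if rmdir hello 2>/dev/null; then refused=no; else refused=yes; fi

    rm hello/hello.txt           # delete the file first ...
    rmdir hello                  # ... then the now-empty directory can go
    if [ -d hello ]; then gone=no; else gone=yes; fi

    cd / && rmdir "$scratch"     # clean up the scratch directory itself
    echo "$before $after $refused $gone"
)

walkthrough
```

The first two fields of the output are the permission strings as 'ls -l' prints them: a leading '-' for a regular file, then three read/write/execute triplets for owner, group and everyone else.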

Ok, that should be enough to make you dangerous on a Unix system. Let's start exploring what hacking systems (cracking) is all about and the methods used.