unix / net / hack page
This page is available from various servers. Feel free to use the one fastest
for you, as they are all maintained by
they all should be identical. They are:
Latest developments to the page:
None whatsoever really. Yep this page is a little neglected and no its not
'0-day'. Pressumably if it was providing good information in 1995 it still
should be of some use to people today, though. Security moves on,
but the principles remain the same, right?
Fixed a couple of the links in the C programming sub index.
Please check out my first ever java applet, a clickable IP datagram.
about this page
- the nearest thing I've got to a disclaimer (5K).
clickable IP datagram
- a quick guide to the IPv4 packet, written as a java applet (10K).
- excellent document on unix security by Dan Farmer and Wietse Venema (52K).
- the standards that define the protocols of the Internet.
glibc info pages
- a complete reference to unix C programming. Brilliant. The moon on a stick.
- apart from the glibc info pages, these are about the only freely available
documents that I've come across that cover unix network programming. Includes
'tutorials' on sockets (by far the commonest method of network programming in
C), and Sun Microsystems documentation on RPC. Unfortunately these files are
in a format that most WWW browsers can't handle, although these are so good
you'll probably want to print them out anyway.
- answers to questions which appear in comp.security.misc (see also
the 2600 / #hack FAQ published in phrack47 amongst other places) (78K).
computer misuse act
- a document about the U.K.'s computer misuse act that I'm too frightened too
read ;-) (12K).
- 5 postscript pages describing the security weakness of NIS (76K).
- 4 postscript pages on a creative use of TCP/IP written by Robert T
in 1985, but still valid today (not quite as good as his contribution
three years later, mind) (28K).
- 14 postscript pages that seem to be a good introduction to packet filtering
and its limitations (133K).
- 13 postscript pages that describe an attack envolving the takeover of a TCP
- an interesting use of ftp's 'PORT' command, which you can use to make ftp
servers connect to anywhere on the Internet, thus letting you use things
that don't trust your machine, but trust a ftp server (11K).
- "the best thing that you've got in life is your eight legged groove
- a program I wrote that does the UDP NIS spoofing described in the 'NIS_Paper'
- sends out a single UDP datagram with the source/destination address/port
set to whatever you like (kernel permitting). I've wrote this as an example
of how to use raw sockets (3K).
- 'hak' shell, a C program I've wrote that acts like a very basic
shell. This shell has a few internal commands some of which seem
to demonstrate features of the unix operating system (such as real and
effective UID's, process groups etc) quite well. The simplicity of
it should enable it to be 'hak'ed about by the C programmer so that
different unix system calls can be easily experimented with etc.
Also its input and output can be 'redirected'
to a socket, thus enabling 'interactive' remote access to computers
where the program can be invoked (14K).
- ypx, a program thats used in a similar way to ypcat(1) only this gets NIS
maps (such as the passwd and shadow passwd files) from any site that runs
ypserv(8) as long as you can guess the NIS domainname and they haven't blocked
the port (15K).
- similar to ypx only can use bootparam to determine a site's NIS domainname
(although ypx can try to guess it after connecting to the SMTP port). I
like this program because it comes as a single C source code file (10K).
- internet security scanner, a short program that automates common 'probes'
(such as connecting to the mail port, rpcinfo -p, showmount -e, etc) on a range
of I.P. addresses (57K).
- tries to guess user's passwords from the encrypted passwords in /etc/passwd
- a rather well known collection of utilities for checking unix systems for
holes (such as having the wrong permissions or ownership of system files)
- a much over hyped and misunderstood security tool written by Dan
Farmer and Wietse Venema. Its convenient for scanning lots of
computers and I suspect parts of it are quite clever but personally
I think I'd have preferred it if these two people had spent their time
writing an up-to-date sequel to their "admin's guide to cracking". If
you're looking for a tool to get your postmaster bombarded with complaints
from paranoid sites, this is just the thing :-) (379K).
Links to other sites:
- a HTML index to all his papers and programs.
ftp, www, etc:
- you can you program in C can't you? If not then its about time you
learnt. This sub-index to C courses/tutorials at other sites may help.
- Sun and HP manual pages in the UK. This isn't some poxy
cgi script either, even the 'see also's are linked. Very good, I'd have
liked to done something like this on this page.
- this UK ftp site looks very good from what I've seen of it.
Netcraft's security diary
- not got time to keep up with all them security mailing lists? - this diary
should give you some sort of quick idea of some of the latest goings on.
linux documentation project
- lots and lots of very useful documents. Far too many for me to include in
the unix reference desk
- top quality, its even got a link to my page on it ;-)
- archives of the bugtraq mailing list.
CERT's ftp site
- the CERT advisories. Unfortunately these people have a rather silly
habbit of trying to not give out information that enables people to exploit
holes, which tends to make it impossible to evaluate how serious (or not)
the holes are. They also can be laughably slow and often seem to have a
strange idea about what they should or should not report.
- now under new management. Some of the ideas are a bit lame, but I'll leave
you to make up your own mind.
Just in case you don't know about them already (list by no means complete)
(note some of these links might not work if your site doesn't get the
- stuff which hasn't made it on to my page for various reasons. Select this
only if you are sure you have read all the other stuff
properly and still have time to kill.
An access count for this site is not available. Just before it got censored
(march 96), this file on the original U.K. page got over 300 access a day.
Well thanks for looking at this page. Watch this space for future additions,
I may even try writing a few docs myself.
Please mail me your suggestions
If you're tired of reading about all this unix network security stuff you
might like to drop by the homepage of the UK's largest Internet BBS,
Looking for a Netherlands based ISP? Whilst I've seen many servers come and go,
after over 2 years I can safely say
Cistron Internet Services
do an excellent job of serving the home page of my domain,
See you around,
Arny - email@example.com
Reality is just one big computer