Spiga

LINUX-I


LINUX BASICS



Linux is an open source,free software operating system that was initially created as a hobby by a young student, Linus Torvalds, at the University of Helsinki in Finland. Linus had an interest in Minix, a small UNIX system, and decided to develop a system that exceeded the Minix standards. He began his work in 1991 when he released version 0.02 and worked steadily until 1994 when version 1.0 of the Linux Kernel was released. The kernel, at the heart of all Linux systems, is developed and released under the GNU General Public License and its source code is freely available to everyone. It is this kernel that forms the base around which a Linux operating system is developed. There are now literally hundreds of companies and organizations and an equal number of individuals that have released their own versions of operating systems based on the Linux kernel. More information on the kernel can be found at our sister site, LinuxHQ and at the official Linux Kernel Archives. The current full-featured version is Red Hat 9 is coming..
The GNU Project was launched in 1984 to develop a complete Unix-like operating system which is free software: the GNU system. Variants of the GNU operating system, which use the kernel called Linux, are now widely used; though these systems are often referred to as “Linux”, they are more accurately called GNU/Linux systems.


What is Free Software?


“Free software” is a matter of liberty, not price. Free software is a matter of the users' freedom to run, copy, distribute, study, change and improve the software. More precisely, it refers to four kinds of freedom, for the users of the software:
•The freedom to run the program, for any purpose (freedom 0).
•The freedom to study how the program works, and adapt it to your needs (freedom 1). Access to the source code is a precondition for this.
•The freedom to redistribute copies so you can help your neighbor (freedom 2).
•The freedom to improve the program, and release your improvements to the public, so that the whole community benefits (freedom 3). Access to the source code is a precondition for this.


Linux vs. Windows Design


•Windows has only recently evolved from a single-user design to a multi-user model. Linux is based on a long history of well fleshed-out multi-user design.
•Windows is monolithic, not modular, by design but Linux is mostly modular by design.
•Windows depends too heavily on an RPC model, Linux does not depend upon RPC to function, and services are usually configured not to use RPC by default.
•Linux servers are ideal for headless non-local administration, whereas Windows focuses on its familiar graphical desktop interface.


HACKING THROUGH WEB BROWSER


WEB BROWSER SECURITY


"Sorry dear readers,could not post new topics for the long time.I was really very busy those days.I get the time today to write something interesting,but i'm, still very busy,but I promise,I'll come back soon with a lot of new and interesting topics for all of our readers."


Now,come to our topic,friends,the web browsers like Internet Explorer,Mozilla etc can be used to fetch your secret documents and files.Now,let's learn this is possible.


A Web browser is a software application that enables a user to display and interact with text, images, and other information typically located on a Web page at a website on the World Wide Web or a local area network.Web browsers communicate with Web servers primarily using HTTP (hypertext transfer protocol) to fetch webpages. HTTP allows Web browsers to submit information to Web servers as well as fetch Web pages from them. The most commonly used HTTP is HTTP/1.1, which is fully defined in RFC 2616. HTTP/1.1 has its own required standards that Internet Explorer does not fully support, but most other current-generation Web browsers do.


HOW THIS COULD BE USED
Pasco (the Latin word for "Browse") is a command line tool that runs on Unix or Windows and can reconstruct the internal structures for IE Index.dat files. Pasco accepts an Index.dat file, reconstructs the data, and outputs the information in a delimited text file format. This format is useful when you need to import the data into a spreadsheet such as Microsoft Excel. Figure 1 shows Pasco in action.
Pasco shows that IE saves the following fields from a single web site visit in the Index.dat file: The record type - Pasco signifies the activity is either a URL that was browsed or a website that redirected the user's browser to another site.

>The URL - The actual website that the user visited.

>Modified Time - The last moment in time the website was modified.

>Access Time - The moment in time the user browsed the website.

>Filename - The local file name that contains a copy of the URL listed.

>Directory - The local directory you can find the "Filename" above.

>HTTP Headers - The HTTP headers the user received when he browsed the URL.

Nowdays,most websites use CGI scripts .These scripts are located in the /cgi-bin directory.These scripts can be downloaded for further examination or even use these scripts to steal passwords to access password protected parts of the website.


So,simply type the following in the location bar of your browser,and observe what you get-


The most common way to get the password file is to FTP anonymously and check if it in the /etc directory access to the passwd is restricted or not.If it is not restricted then download the file and firstly unshadow it and then crack it.First you need to find a box t hat is running the cgi-bin/phf file on their system. A great way to find out without trial and error is to go to http://www.altavista.com/ and just search on cgi-bin AND perl.exe or cgi-bin AND phf.


>>Finger box hacking: Lets say you wanted to break into somewhere like .... hmmmm AOL. The first thing we would do is type in their web site in the URL: http://www.aol.com./ The next thing we would do is add /cgi-bin/finger to the web URL so it would look like thisHttp://www.aol.com/cgi-bin/finger. If the finger gateway is operational a box should appear for you to enter the name you want to finger. If it is operational you have a chance to receive the etc/passwd file. Next thing you will probably want to do is search for a mailto on the web page... just scan the page for any mailto refs. Go back to the finger box and type in this query......

nobody@nowhere.org This email address is being protected from spam bots, you need Javascript enabled to view it /bin/mail

me@junk.org This email address is being protected from spam bots, you need Javascript enabled to view it