Parent-Message-Id: <12229084762.30.AWALKER@RED.RUTGERS.EDU> There is a flaw in the Berkeley 4.3 Unix passwd program that makes a tape attack on a password feasible. (We haven't looked at any other versions of Unix.) From passwd.c: time(&salt); salt = 9 * getpid(); saltc[0] = salt & 077; saltc[1] = (salt>>6) & 077; for (i = 0; i < 2; i++) { c = saltc[i] + '.'; if (c > '9') c += 7; if (c > 'Z') c += 6; saltc[i] = c; } pw = crypt(pwbuf, saltc); What does the salt depend on? Well, the paper on unix password security by Morris and Thompson states that the choice of seed is based upon the time of day clock and that there are 4096 different possible seeds. (See "Password Security: A Case History" CACM, v 22, n 11, November 1979, p. 594. That paper is often distributed with Unix manuals.) On first glance at the above code, we were surprised to find a call to getpid() in addition to the expected call to time(). A close inspection of the first two lines of the above code reveals that result of the call to time() is completely thrown out in the next line of code. The salt depends only on the process ID number of the passwd program! But, lets go ahead and assume that a call to getpid() produces a sufficiently random 16 bit number. What's the effect of multiplying by 9? Well, since on the next two lines, only the low 12 bits of the variable "seed" are used, the multiplying by 9 reduces the number of possible seeds by a factor of nine. For example, after the second line of code above, the variable "seed" could be 0, 9, 18, 27, etc, but it could never be any value that is not a multiple of 9. Thus the passwd program can only produce 4096/9 (= 456) of the 4096 possible salt values. (It's amusing to note that without the second line, or if the operator was "+=" instead of just "=" in the second line, the code would generate all 4096 different seeds with about evenly distributed probabilities.) So what? Well, imagine taking a dictionary of 30,000 likely passwords and producing 456 different files, one for each different salt, and each containing 30,000 hashed passwords, each on a separate line, and in the same order as the words in your dictionary. Each file would be about 270 thousand bytes long (including line-feeds) and all the files together could be kept on two 6250bpi tapes (which hold about 100 megabytes each). Now, to determine somebody's password from their entry in the password file (assuming that their password is in your original dictionary), position the appropriate tape at the start of the file corresponding to the that user's salt and grep -n the tape for the hashed password. (This will be vastly faster than 30,000 calls to crypt(), even the faster versions described in an earlier message.) If the salt could take on all 4096 possible values, you would need instead need around 15 tapes to hold all the files. All this underlies the importance of choosing a password which is not in any dictionary and which is long enough. Bob Baldwin BALDWIN@XX.LCS.MIT.EDU ...!ihnp4!mit-eddie!baldwin and Tim Shepard SHEP@XX.LCS.MIT.EDU ...!ihnp4!mit-eddie!shep ------- provided for your consideration by: | Striker | Phortune500/BOD -=>The DEC Hunters<=- ============================================================================== UNIX* Usage Notes The following is a collection of information on various UNIX topics: Logging On ---------- You need a username and a password, supplied by the system administrator. Some systems have guest accounts ("guest", "netguest", and other names). To find out who's on the system without logging in, "who", "finger", or "w" may work on your system. (WARNING-- When you get a username or password wrong, a message gets printed out on the system console. Trying to brute-force your way into someone else's system is stupid, and you can get caught easily.) There is a new Federal law that prohibits fucking around with computers across state lines; many states also have tough computer-crime laws. You're best off (believe me, I KNOW) using a UNIX system you have legitimate access to, such as a school's system or a public access UNIX/Xenix (there are a few in New York and other places; where you pay a certain amount per month). Special Characters ------------------ ctrl-C (DEL (Ascii 127 on some systems) Interrupt. Stops the current program. (intr) [<-- name for changing it with the "stty" command] ctrl-B (or ctrl-\ (28)) Quit. Like control-C but stronger. Often works when ctrl-C doesn't. Try ctrl-C first; some programs catch it so they can clean up and exit gracefully. (quit) ctrl-D End-of-file. Used to end input when the terminal is being read as a file (mail senders and many other programs do this). If you type control-D to the shell (command interpreter), it will usually log you out. (If not, use "exit" or "logout".) (eof) DEL (or ctrl-H) Erase the last character typed. (erase) ctrl-U (rarely @) Erase the line typed so far. (kill) ctrl-S Pause during output. (stop) ctrl-Q Resume during output. (start) ctrl-M Will usually work just like RETURN. ctrl-J Will usually work just like RETURN. As you can see, special characters are hardly standardized. (Old UNIX's used to use # for character erase!) Give the "stty" command to see the settings on your system, or to change them for your terminal session. To change the erase to backspace (ctrl-H), give the command "stty erase '^H'". Getting Information on Commands ------------------------------- "man" is the standard command for getting information. "man mail" tells you all about the 'mail' command. "man -k delete" gives you a list of everything matching the keyword 'delete'. Sending and Receiving Mail -------------------------- "mail joe" sends a letter to the username 'joe'. Type your letter on the next lines, ending with control-D on a line by itself. "mail" lets you read your mail. When it asks whether to "save?", 'y' saves the letter in your file 'mbox' (for old mail); 'n' gets rid of it. Many systems also have more sophisticated programs for sending and receiving mail (for those, type a "?" at the mail prompt "_" or maybe "-"). Directories ala UNIX -------------------- UNIX files are arranged in a tree structure. (If you're used to MS-DOS or PC-DOS, just use forward slashes / instead of backslashes \, and forget about drive letters, and you'll be fine.) There is a root directory, the "top" of the file system. At any point, there can be subdirectories, which are just named areas to put files in so they won't clutter up the root directory. These subdirectories can contain sub- directories, which can contain other subdirectories, and so forth until the disk can't hold any more files. Here's an example of what *part* of a UNIX filesystem might look like: (root) / ++++++++++++++++++++++++++++++++++++ + + + + + + + + + + + + unix/ bin/ etc/ lib/ tmp usr/ + + + + ++ ++ lib dev src + + + + + + + + + + + + + adm bin george bill mikey A name like /foo/bar means start at the root, go to subdirectory foo, then to the file bar (which can be either a subdirectory or a plain file). "foo/bar" (no slash at the beginning) means start at the CURRENT DIRECTORY (the 'pwd' command tells you where you are), and go through subdirectory foo to bar. foo means foo in the current directory. . (a dot) means the current direc- tory itself; .. (two dots) means the parent directory, one level above the current one. So ./xyzzy is the same file as xyzzy. /unix is the UNIX kernel, the system routines that get read in when the system is booted up. /bin and /usr/bin (and other places like /usr/local on most systems) hold command programs; when you type 'pwd' or 'ls' (list files) or most other UNIX commands, these directories are checked for the 'pwd' or 'ls' program or what- ever. Almost all UNIX commands are ordinary programs; nothing magical. /etc, /lib, /usr/lib, /usr/adm, etc. hold "miscellaneous" system files. A few of these are quite critical; I'll discuss them later. /tmp and /usr/tmp are work areas for temporary files. They get cleared regularly, at least whenever the system is re-"booted". In this example, /usr/george, /usr/bill, and /usr/mikey are three users' file areas or "home directories". Naming of home directories varies wildly between UNIX systems; they might look like /usr/george or /usr/users/smith or /home/andrews or /i/ins/.heyho. When you log in, your current directory is set to your home directory. Commands for Managing Directories --------------------------------- cd Change Directory - move to another current directory (e.g. "cd /usr/george" or "cd .."). Plain "cd" takes you to your own home directory (unlike MS/PC-DOS!). pwd Print Working Directory - prints your current (default) directory. Lets you see where you are. mkdir MaKe DIRectory, e.g. "mkdir hacks" to create a subdirectory named "hacks" under your current directory. rmdir ReMove DIRectory. The directory must be empty. Other File Commands ------------------- ls LiSt files. You may give directories or filenames after "ls", or "ls" by itself will list the current directory. ls -l List in Long format (with protection, owner, size (in characters) and date before the filenames. ls -a List All files; ordinarily files starting with a dot are not listed. Many "setup" files have names like .profile, .login, .cshrc, .sendrc, and so forth. Ordinarily "ls" doesn't bother you with them. ls -d foo Lists "foo" as a file; doesn't list what's inside if foo is a directory. Useful in combinations like "ls -ld foo". Other options can be combined this way, like "ls -al". cat chow Prints the contents of the file "chow" on your terminal. rm trash ReMoves (deletes) the file "trash". Once it's gone, you can't get it back again. chmod Changes file protections. More about that later. ed, vi, ex, emacs, ... Text editors. Consult any good introductory UNIX book. Input/Output Redirection ------------------------ Using "file" redi- rects output to "file", clobbering whatever was in it before. ">>file" means append to the end of "file". "foo a b c | bar x y z" means to run the command "foo a b c", and give its output as the input of the command "bar x y z". This is called a 'pipe' between the commands; UNIX hackers call '|' a "pipe sign". For example, "cat" (like many commands) uses standard input if you don't give a filename. If you say "cat >piss", it'll read from your terminal until you hit control-D, and put that text into the file "piss". Special Filename Characters (Wildcards) --------------------------------------- '*' in the command line matches any string of characters within a filename. '?' matches any ONE character. '[abc]' matches 'a', 'b', or 'c'. For example, "*.c" will match "foo.c", "prog2b.c", and ".c", but not "mailbox" or ".c.d.e". A dot at the beginning of a filename (as in ".profile") and directory slashes will not be matched -- you have to type them explicitly. These wildcards are expanded on the command line. So if you type "echo a*b", "echo" might be run with arguments "abb" "alba1.b" etc., or whatever. (echo just echoes back its arguments to you; "echo *" works a lot like plain "ls".) UID's, GID's, and File Protection --------------------------------- Your account has a User ID (uid) number, which identifies which files you own, and a Group ID (gid), which determines which files you can access as a member of "the group". A uid of 0 is special. It signifies the superuser, who can read any file and write any non-directory. Superusers can use "chown" and "chgrp" to change the ownership of files, and in general do anything we damn well please. There is usually an account "root" whose uid is 0. If you're running a UNIX system, NEVER give the superuser password to anyone who doesn't have a DAMNED EXCELLENT reason to know. (change the password frequently--maybe every week or two; ALWAYS whenever an "employee" leaves). There are three ways to access a file -- owner, if your uid matches that of the file; group member, if your gid matches the file's; and other. Whenever you create a file, it is given your uid and gid. The "ls -l" display shows the protection code for a file (which the owner may change). A typical "ls -l" line might look like this: -rw-r--r-- george users 6125 May 20 15:42 stuffy-funk prot.code owner group size mod.date name (these correspond to uid & gid #'s) The protection code can be broken down into several sections: - rw- r-- r-- 1 2 3 4 1: 'd' for a directory, 'b' or 'c' for "special files" which are really devices, and '-' for ordinary files. 2: permissions for the owner. 'r'=read, 'w'=write, 'x'=execute. 3: permissions for the group. 4: permissions for others. Protection on Directories ------------------------- Since it makes no sense to 'execute' a directory, the protection bits have a slightly different meaning on a directory. Execute means you can access files and subdirectories if you know their names. (If a directory has execute but no read permission, you can't "ls" it to see what's there, but you can use files you know are there.) Read means you can look to see what's there with "ls" or with special filename characters. Write means you can create and delete files in the directory. THIS IS THE ONLY PROTECTION DEALING WITH DELETING FILES - it doesn't matter whose file it is, as long as you have write permission in its parent directory. SetUID and SetGID programs -------------------------- If the setuid bit of an executable file is set, then whenever you run that file, your "effective uid" temporarily becomes that of the file. This is commonly used for games which write to a high score file that people should not be able to mess with otherwise. The "set group id" bit works similarly. These bits show up as an 's' instead of an 'x' in the owner and group sections of the protection code. The "Sticky" Bit ('t' bit) ---------------- Only the superuser can set the sticky bit, which shows up as a 't' in the "others" section of the protection code. This bit means the program can't be swapped out of memory, speeding up access time for small systems programs that are used often. This bit can also be set as a part of your trusty hack program (to be presented in a later installment). Changing File Protection with "chmod" ------------------------------------- The chmod command has the form "chmod CODE FILE(S)". CODE is an octal code made by or-ing together the following: 04000 set user id on execution 02000 set group id on execution 01000 sticky bit [program is loaded into buffer] 0400 read permission for owner 0200 write permission for owner 0100 execute permission for owner 040, 020, 010 read, write, execute for group 04, 02, 01 read, write, execute for others For example, "chmod 644 trash" would set the file "trash" to be readable and writable by the owner, and only readable by others (or world). Of course, only the owner or the superuser can use chmod on a file. The Password File -- /etc/passwd ----------------- The file /etc/passwd lists all the accounts on the system. It is stored in a printable form, and everyone can read it. Each account is represented by a line like george:D/d7C.Xyu3pPr:205:40:George Porgie:/usr/george:/bin/sh 1----- 2------------ 3-- 4- 5------------ 6---------- 7------ There are seven parts, separated by colons. 1: the username 2: the encrypted password. The encryption algorithm is supposed to not be reversible; to check the password you type while logging in, UNIX encrypts your guess and sees if the encrypted version matches. If no value is given (like in "guest::99:99: ...etc..."), no password is necessary. If you see an "X" or "*" or "NOLOGIN" or something here, then nobody can log into the account, since the "X" will never match an encrypt- ed password. 3: the user id 4: the group id. (The file /etc/group lists group ids and group names.) 5: usually the person's real name 6: the home directory 7: the command interpreter to use. The default is "/bin/sh". Special accounts like "who" work by putting the program name (like /bin/who) here; as soon as this "command interpreter" finishes, the account is logged off. The SU Command -- Temporarily Switching to Another Account -------------- If you give the command "su bill", it will ask for a password. If you give bill's correct password, you temporarily switch into bill's account. Type a control-D to get back to your own account. "su" by itself means the same as "su root". *WARNING*!! Every time you use su to try to get into a superuser account, it prints a message on the system console (something like "SU george 20 May 1986 15:42" if you get in; "BADSU" etc. if you don't). Don't try to force your way in with "su" -- they'll notice and possibly trace your phone line. ============================================================================= This is the end of my introduction to UNIX* systems. Look for further installments on the UNIX series of operating systems. (Including "Hacking" philes :-) ---Striker---> 1/12/86 ---=======--> uVaxSquad! * UNIX is a trademark of AT&T Bell Laboratories -|-|-|-|-|-|-|-|-|-|-|-|-|-|-|-|-|-|-|-|-|-|-|-|-|-|-|-|-|-|-|-|-|-|-|-|-|-|- note: I wrote this particular doc phile last year and I haven't included changes from the new System V and System 7 releases. In the future there will be appended versions with Xenix and BSD specifics... | Striker | Phortune500/BOD -=>The DEC Hunters<=- uucp ...!ihnp4!mb2c!fmsrl7!cideq3!striker {ihnp4,seismo,philabs,ucbvax}!decvax!cwruecmp!ncoast!bizarre ...!ucbvax!ucivax!amovax!conexch!striker Inter striker@cideq3.cidnet.com ncoast!bizarre%Case.CSNET@CSnet-Relay.ARPA ******************** Basic Unix Use By Lord Lawless Phortune 500 Board of Directors ******************** March 8, 1987 ------------- This file is basically a brief introduction and overview for the beginning hacker to the Unix operating system. All information contained herein is accurate to the extent of my knowledge. This file is intended for inform- ational purposes only and the author (Lord Lawless) is in NO way responsible for the use of this file for purposes other than the aforementioned. Part I: What is Unix? ---------------------- Unix is an operating system, so designated because it allows a user to interface with a computer in a way that is (hopefully) easy for the user to learn and use. Unix can be known by other forms, PC-Unix, Xenix, etc., but they all basically are the same (with slight differences this file won't go into) and use the same commands. Unix is a wonderfully simple to use OS once you begin, and while this file will help you I recommend that you find a Unix system somewhere and wander around on it to help yourself to learn. To put this more formally: The UNIX system is a set of programs that include a time-sharing operating system and a set of utility programs. The operating system has two basic parts: 1) The kernel is the program in the UNIX operating system that is responsible for most operating system functions. It schedules and manages all the work done by the computer and maintains the file system. It is always running, and is invisible to users. 2) The shell is the UNIX operating system program responsible for handling all interaction between users and the computer. It includes a powerful command language called "shell language"*. The utility programs (usually called UNIX commands) are executed through the shell, and allow users to communicate with each other, to edit and manipulate files, to write and execute programs in several programming languages, and many other things. Part II: Recognizing a Unix system ------------------------------------- When you connect to a Unix system you will see a message usually like "AT&T Unix: Unauthorized use will be Prosecuted!" or just "Unix System V" or the like. At the least you will see a prompt saying "login:". At this point, if possible, make sure that you are in lowercase, because if the computer det- ects that you are typing in uppercase everything you read after will be in uppercase with lowercase denoted by a \ in front of the word. This is because Unix is case sensitive, so be careful, reading lowercase is much easier than reading all uppercase and slashes. Ok, so here you are at the Unix "login:" prompt. Part III: Logging on --------------------- At this point you must enter your login, and then, if the account ( never more than 14 characters) has one, the password. Now, all Unix systems have default accounts, and unless set by the Root System Operator no passwords. This has been the means of infiltration by many the Unix hacker. There are two types of accounts in a Unix, the "super user" and the "user". The super user has access to almost everything (or everything depending on the system) and the user basically has access to the files he owns and what he can sometimes read. The default super user accounts on a unix are: ROOT MAKEFSYS MOUNTFSYS UMOUNTFSYS CHECKFSYS and sometimes ADMIN SYSADMIN. For passwords to these try things like SYSTEM, SYSMAN, SYSADMIN, ADMINISTRATOR, OPERATOR, SYSOP, etc. The default user-level accounts are: LP DAEMON TROUBLE NUUCP UUCP RJE ADM SYSADM SYNC BIN (Note: These accounts should be entered in lower case , I merely wrote them in upper case for easier reference.) After being on Unix's, I have also seen the following common accounts: USER UNIX GAMES GUEST STUDENT -on school run Unix's. The maximum length of a password is 11 characters. After doing all this you should, with luck, be in! If you couldn't hack anything out, try typing "WHO" at the login: prompt, it may list all the user accounts and you can try them until you find one without a password. Part IV: You're in!!! ---------------------- Congratulate yourself, the hardest part of Unix "hacking" is over. Ok, now that you're in you'll see a prompt which will probably look like "$" for a user account or "#" if you got lucky and got a super user account. (Quick note, to stop a unix process in action try typing ctrl-d or control backspace, these are the end of file/Stop process keys.) Ok, so you are now in. Let me give a quick lesson on Unix directories. In Unix, the root is the main directory, and it contains subdirectories which may contain subdirectories etc. In order to change to the root directory, one would type "cd /". This is because "cd" is the command "change directory" and "/" is the root directory. To change to subdirectory "Bill" contained in the root directory, you would type "cd /Bill" or, if you were in the root dir, just "cd Bill". If you wanted to access Bill's files, you'd enter "cd /Bill/files" assuming Bill had a subdir called files where he kept his files. This is how a person would move around in a Unix sys. Graphically, it looks like this: Root __________!!_________ !! __Bill__ !! __Files__ Part V: Basic Commands ----------------------- Ok, these commands are the most useful ones that I've found and can are entered from the prompt. Command:What it does -------------------- ls gives a listing of all files in a directory cat gives a dump to screen of what is contained in a file. For instance "cat phones" would show me what is in file "phones". cd change directory pwd shows what directory path you are in now ps shows system processes rm remove a file, for instance "rm phones". rmdir removes a directory, for instance "rm Bill". grep print ascii strings in a file, ie "grep phones" who shows who's on the system mail sends mail to a user, syntax mail su change from 1 account to another. For instance, if you are account Bill and wish to change to account Jake (which is unpassworded) just type "su Jake" and you will change to him. If Jake has a password you will be prompted to enter it. This is useful for login in under a user account and switching later to a super user account. passwd allows a user to change his password. If you are a superuser you can change someone elses password by typing "passwd ". mkuser make a user (providing you are a super user) mkdir create a directory More Information about Commands ------------------------------- The following are more of the most basic Unix commands. cat cd chmod cp cut date echo egrep fgrep file find glossary grep help ln locate ls mail mesg mkdir mv news pr ps pwd rm sleep sort starter stty tabs tail tee time touch tty uname usage wall wc who write Using the Command: mkdir Syntax Summary: mkdir dir_name1 [ dir_name2 ...] where: dir_names are simple subdirectory names, relative pathnames, or full pathnames Description: mkdir creates one or more new directories. If mkdir is given a simple name as an argument, the new directory will be a subdirectory of the current directory. You can make new directories anywhere in the file system by giving mkdir a complete or relative pathname for the new directories, if you have permission to write in the directory where the new directory is to be created. Ok, those are the basic commands you will need to go around in the system. Part VI: Useful Information ---------------------------- A great place to go to get information on who is on the system and what accounts you can use to get on again is contained in the file "passwd" in the "etc" directory. To look at it, cd etc, and then cat passwd. The first entry should say something like this: root:adfaBADca:0:1:Operator:/:/bin/sh what this means is that the root account has an encrypted password, has super- user capabilities (any user with a 0 in that slot is a super user) is in group 1 (relatively unimportant for this file), has a comment of Operator (this may be blank), has a home directory of / (the root) and uses the Bourne Shell, kept in the /bin directory. You will then see all the other users listed out in the same format. If you see an account followed by two colons, that means that it has no password. You want these accounts so that you can log in under them another time. If you get real lucky you may see something like this: makefsys::0:1:/bin:/bin/sh meaning that you have found a super user account with no password, a very useful item indeed. Another good place to look is the /usr/spool dir and the /usr/spool/cron/crontabs dir because if you are a super user that dir contains much that will be useful to you. In order to move up to a directory one level higher than you are presently in, type "cd ..". So to move from /Bill/files to /Bill I would just type cd .. and, assuming I started in /Bill/files I would now be in /Bill. Ok, now you can wander the system "cat"'ing around and whatnot. If a file doesn't "cat", try just typing it's name, that will execute it if you have the privileges. Try typing "admin" or "ua" if you are a superuser nad maybe you'll be able to create users or other interesting things. You may not be able to cat a file or run it because you lack access permissions. What are they? Read on! Access Permissions ------------------ access permissions: permissions: mode: owner: owner/group/others: read/write/execute As the user of a UNIX system, you can decide who can read, write, and execute the files and directories that you own. You are usually the owner of files and directories that you have created in your login directory and in the "subdirectories"* in your login directory. You may also own files in other peoples' directories. You control the use of your files and directories by specifying the access permissions, also called the mode, for each. You can specify different access permissions for yourself, your "group"*, and the other users of the system. Permission to read allows the user to read the contents of the file. Write permission allows the user to change the file and execute permission enables the user to execute the program within the file. ls -l prints the access permissions for each file and directory in the current directory. The sample listing below shows the mode of the file (preceded by a -), the number of "links"*, the owner, the "group ID"*, the size in characters, the date and time the file was last modified, and the "filename"*. -rwxr-x--x 1 sandy 12345 128 Oct 9 9:32 lock If this were a listing for a directory, the hyphen (-) would be replaced by the letter d. The owner of the file "lock" can read, write and execute the file, the group can read and execute it, and the others can only execute it. You can change the mode of your files and directories by using the change mode command, chmod. Other interesting places to look are in the directories assigned to the users on the Unix system, often their files will contain some useful information. Also try going into the /uucp directory or looking for any uucp dir anywhere as it may contain phone numbers to other Unix systems or other "goodies". The *: asterisk --------------- In the shell, an asterisk matches any "string"* of characters in a "filename"* on a command line. The command rm temp* removes all files from the current working directory that begin with the string "temp". Files like "temp", "temp1", "temp.1", and "temp.save" would all be deleted. An asterisk alone matches any filename in the current working directory except those beginning with "dot (.)"*. For example, rm * removes all the files in your directory except for the dot (.)files. Finally, typing help at the unix prompt may bring up a help manual that is usually quite well done and will help you if you are stuck or wish to explore in more depth the commands I didn't go into. Hmm, what else? I can't think of much more right now that would help you much more, in this file I think I've covered everything that should get you well on your way towards becoming a unix hacker. Once you've got this, start reading files on "Unix Shells", "Scripts", and ask around A LOT. Ah, I just remembered something. To get help on a command, type "man " or "whatis " and you may find out. Also, a lot of Unix's have a built in Help feature somewhere, try to get to it. Part VII: A Few Final Words ---------------------------- If you manage to get onto a Unix system, don't screw it up. Unix is a great operating system, and fun to learn on and have other people learn on. Don't become a superuser and delete everything or other things, it's just not worth it. Also, don't make a user called "Hacker" or "Shadow 1" or something, that's a blatant giveaway. Put an account a little out of the way directory, and create user level accounts if you must, and perhaps just 1 super user level. I can't think of much more to say on the basics, though I probably left some important things out....nobody's perfect. I hope you enjoyed the file and I can be found on the following boards: The Private Connection The Undergraduates Lounge Quick Shop Phreak Klass 2600 The Brewery The Works Slaughterhouse 5, Holovision Network Node 1 Spock's Brain Special Thanks to: The Prophet, for his excellent file: Unix Use and Security From the Ground Up. The End, good luck, enjoy yourself, and don't get caught! Lord Lawless Phortune 500/BOD --This has been a Lord Lawless Presentation, (C) 1987.-- (C) 1987 Phortune 500