This is a paper will be broken into two parts, one showing 15 easy steps to becoming a übercracker and the next part showing how to become a überadmin and how to stop a übercracker. A übercracker is a term phrased by Dan Farmer to refer to some elite (cr/h)acker that is practically impossible to keep out of the networks.

Here’s the steps to becoming a übercracker.

Step 1. Relax and remain calm. Remember YOU are a übercracker.

Step 2. If you know a little Unix, you are way ahead of the crowd and skip past step 3.

Step 3. You may want to buy Unix manual or book to let you know what ls,cd,cat does.

Step 4. Read Usenet for the following groups: alt.irc, alt.security, comp.security.unix. Subscribe to Phrack@well.sf.ca.us to get a background in übercracker culture.

Step 5. Ask on alt.irc how to get and compile the latest IRC client and connect to IRC.

Step 6. Once on IRC, join the #hack channel. (Whew, you are half-way there!)

Step 7. Now, sit on #hack and send messages to everyone in the channel saying “Hi, Whats up?”. Be obnoxious to anyone else that joins and asks qüstions like “Why cant I join #warez?”

Step 8. (Important Step) Send private messages to everyone asking for new bugs or holes. Here’s a good pointer, look around your system for binary programs suid root (look in Unix manual from step 3 if confused). After finding a suid root binary, (ie. su, chfn, syslog), tell people you have a new bug in that program and you wrote a script for it. If they ask how it works, tell them they are “layme”. Remember, YOU are a überCracker. Ask them to trade for their get-root scripts.

Step 9. Make them send you some scripts before you send some garbage file (ie. a big core file). Tell them it is encrypted or it was messed up and you need to upload your script again.

Step 10. Spend a week grabbing all the scripts you can. (Dont forget to be obnoxious on #hack otherwise people will look down on you and not give you anything.)

Step 11. Hopefully you will now have atleast one or two scripts that get you root on most Unixes. Grab root on your local machines, read your admin’s mail, or even other user’s mail, even rm log files and whatever temps you. (look in Unix manual from step 3 if confused).

Step 12. A good test for trü übercrackerness is to be able to fake mail. Ask other übercrackers how to fake mail (because they have had to pass the same test). Email your admin how “layme” he is and how you got root and how you erased his files, and have it appear coming from satan@evil.com.

Step 13. Now, to pass into supreme eliteness of übercrackerness, you brag about your exploits on #hack to everyone. (Make up stuff, Remember, YOU are a übercracker.)

Step 14. Wait a few months and have all your notes, etc ready in your room for when the FBI, Secret Service, and other law enforcement agencies confinscate your equipment. Call eff.org to complain how you were innocent and how you accidently gotten someone else’s account and only looked because you were curious. (Whatever else that may help, throw at them.)

Step 15. Now for the trü final supreme eliteness of all übercrackers, you go back to #hack and brag about how you were busted. YOU are finally a trü übercracker.

Now the next part of the paper is top secret. Please only pass to trusted administrators and friends and even some trusted mailing lists, Usenet groups, etc. (Make sure no one who is NOT in the inner circle of security gets this.)

This is broken down on How to Become an überAdmin (otherwise know as a security expert) and How to stop übercrackers.

Step 1. Read Unix manual ( a good idea for admins ).

Step 2. Very Important. chmod 700 rdist; chmod 644 /etc/utmp. Install sendmail 8.6.4. You have probably stopped 60 percent of all übercrackers now. Rdist scripts is among the favorites for getting root by übercrackers.

Step 3. Okay, maybe you want to actually secure your machine from the elite übercrackers who can break into any site on Internet.

Step 4. Set up your firewall to block rpc/nfs/ip-forwarding/src routing packets. (This only applies to advanced admins who have control of the router, but this will stop 90% of all übercrackers from attempting your site.)

Step 5. Apply all CERT and vendor patches to all of your machines. You have just now killed 95% of all übercrackers.

Step 6. Run a good password cracker to find open accounts and close them. Run tripwire after making sure your binaries are untouched. Run tcp_wrapper to find if a übercracker is knocking on your machines. Run ISS to make sure that all your machines are reasonably secure as far as remote configuration (ie. your NFS exports and anon FTP site.)

Step 7. If you have done all of the following, you will have stopped 99% of all übercrackers. Congrads! (Remember, You are the admin.)

Step 8. Now there is one percent of übercrackers that have gained knowledge from reading some security expert’s mail (probably gained access to his mail via NFS exports or the güst account. You know how it is, like the mechanic that always has a broken car, or the plumber that has the broken sink, the security expert usually has an open machine.)

Step 9. Here is the hard part is to try to convince these security experts that they are not so above the average citizen and that by now giving out their unknown (except for the übercrackers) security bugs, it would be a service to Internet. They do not have to post it on Usenet, but share among many other trusted people and hopefully fixes will come about and new pressure will be applied to vendors to come out with patches.

Step 10. If you have gained the confidence of enough security experts, you will know be a looked upto as an elite security administrator that is able to stop most übercrackers. The final trü test for being a überadmin is to compile a IRC client, go onto #hack and log all the bragging and help catch the übercrackers. If a übercracker does get into your system, and he has used a new method you have never seen, you can probably tell your other security admins and get half of the replies like – “That bug been known for years, there just isn’t any patches for it yet. Here’s my fix.” and the other half of the replies will be like – “Wow. That is very impressive. You have just moved up a big notch in my security circle.” VERY IMPORTANT HERE: If you see anyone in Usenet’s security newsgroups mention anything about that security hole, Flame him for discussing it since it could bring down Internet and all übercrackers will now have it and the million other reasons to keep everything secret about security.

Leave a Reply

Your email address will not be published.