|+++++++++++++++++++++++++++++++++++++++|
|What a root can do to you?             |
|by tHeMaNiAc                           |
|contact me at: themaniac@blackcode.com |
|http://www.blackcode.com               |
|+++++++++++++++++++++++++++++++++++++++|

This guide is for educational purposes only. I do not take any
responsibility for anything that happens after reading the guide.
I'm only telling you how to do this, not to do it. It's your decision.
If you want to put this text on your Site/FTP/Newsgroup or anything else,
you can do it, but don't change anything without the permission of the
author. I'll be happy to see this text on other pages too.
All copyrights reserved. You may distribute this text as long as it's
not changed.

Home Page: users.ldproxy.com/maniac

Author Notes
=-=-=-=-=-=-=
In this text I'll tell you things that your root can do, and maybe is
doing, to you now, and ways that you can stop the root from doing them.
Also I'll tell you how to become friends with your root, and one story
about me and my root. The story I'm talking about here is real, so be
sure of it, because most roots are always monitoring if they're not
stupid or lazy.

Table of Contents
-1.What a root can do to you?
-2.A Story about me and my root
-3.When the root will start monitoring you?
-4.How you can check if the root is monitoring you?
-5.How to protect?
-6.Ways to prevent your root from monitoring you
-7.Terms in this text
-8.Final Words

1.What a root can do to you?

Well, when someone is root on some system he/she can do EVERYTHING on the
system and to the users. As you see, ALL of your traffic, conversations
and so on can be captured because they all go through the network.
The root can sniff your ICQ messages because they're all sent in plain
text, and IRC messages too. The root can also see which sites you're on
and which sites you visit most, read your e-mail, sniff your passwords,
basically everything that you do when you're online. The root may also
see if you're port scanning another host, check whether you're trying to
send spoofed packets, and of course watch the POP3 users. When someone
starts checking 1 e-mail account from 2 different accounts, the root will
start monitoring him more closely.

Well, basically anyone with the proper level of access to TCP/IP packets
can get any packet on the net and read what's in it. It can also be done
on Windows, Mac and Unix systems.
As you all see, if you're someone interested in hacking this is a REALLY
bad thing, but be sure a lot of roots are doing it for the security of
their systems.

2.This is one story about me and the root from the ISP I left

Well, I contacted one friend via unencrypted e-mail about giving me a
shell on his server, and he said he'd send me the user and the pass via
e-mail. I didn't know that my root was monitoring me. So I received the
e-mail with subject: "Password" and of course there was my password.
I used the shell 2 times for some work, and the next day I received an
e-mail from my friend saying that I had entered 3 times and the third one
was from root@myisp.com!!!!!! I didn't know what to say. He asked me if I
was root at the server, and of course I told him I wasn't.
He checked closer and noticed that the root of one of the servers of my
network was there the previous night. Then I told him that I thought my
root took my password and I asked him what he was doing on the server.
He said that he went to all of my directories, copied some texts and
other things and tried the su command with password:hacker
Lame heh.
There was nothing else that might have happened. My root read my e-mail,
saw the password and entered to see what's there.
I was thinking why would the root monitor exactly me and not someone
else. Check out the next section and you'll understand.

3.When the root will start monitoring you?

Later I realized that if I was root I'd also start monitoring someone
like me. The ISP was not so big, with not so many clients I mean. I was
making a lot of traffic, receiving a lot of e-mails from various mailing
lists, sending and receiving big e-mails and always staying online longer
than the time I had. Every root that is a little paranoid will ask
himself what this guy is doing, receiving so many e-mails and sending big
ones, staying online so long, not like the other users. And of course the
root will start monitoring you. Also, if he/she starts checking where
you're receiving e-mails from and finds something like
hacker@security.org, be sure he/she will start monitoring all of your
traffic.

4.How you can check if the root is monitoring you?

You may be interested in whether your root is monitoring you.
Well, here's something you can try. I tried this on the root that once
got my password and it worked again. Tell someone, but via the phone
(remember you're not sure if the root is monitoring you), to send you an
e-mail with a subject like "PASSWORDS" "HACKING" "EXPLOITS FOR yourISP",
something that will get the root's attention.
Then of course inside should be a user name and password for some server.
Also it would be AWESOME if you add something like
"Hey dude I trust you and I won't keep any logs of you so you can enter
whenever you want and do whatever you want I trust you"
This will make your root think he's secure and won't be traced, and he'll
have the chance to look at what's there. Also try to add something in the
e-mail like
"Hey when you start smurfing or ping flooding something be sure he's
someone that won't understand what's going on because I don't want
problems Also when you exploit some site remove yourself from the logs"
and
"I left you some exploits that you wanted for your ISP in the
/home/hacker dir"
This will make your root go there and check immediately what's going
down, because your friend said that there are some exploits for your ISP.
Of course the server will keep logs of everything, and if your root is
monitoring you, you'll get him caught.

5.How to protect?

Well, you may ask: how can I protect myself from such roots and do my
work without being watched? There's one word that will help you:
Encryption
You should encrypt EVERYTHING: your telnet sessions with Secure Shell,
your ICQ conversations with ICQ secret messenger, your e-mails with PGP
and so on.
This will keep your root away from your messages and conversations. Also
your root may log what you're typing and sending. Let's say the root is
logging for words like "hacker" "exploit" "password" "hack" and so on.
Well, you can stop that by typing these and other words you think your
root is logging in different ways.
Like "hacker" into h4cker or {hacker}, "exploit" into 3xploit or .
In this way you'll again be sure the root can't trace you. But don't type
the words as seen here; be creative, and remember: encrypt everything.

6.Ways to prevent your root from monitoring you

The best thing you can do is to become friends with your root, start
helping him and make him think you're useful for the ISP's security.
In this way you can be sure that your root will not monitor you and, who
knows, he/she may give you the root's pass sometime. First you must prove
to your root that you can be useful. The best way is to break the server
several times and then of course tell the root how you've broken it and
tell him how to patch the bug. If you do this your root will start
trusting you and, as I told you, give you the root's pass some time.
Then you're able to do EVERYTHING with the system. For the evil people
this is a way to deface a website.
These methods work; I've tried them and I'm now friends with my root. He
didn't give me the root's password, but when he gives it to
me...............
Think whatever you want :-)

7.Terms in this text

Here I'll try to explain the different terms in this paper.

7.1.Sniffing
On a normal network, accounts and passwords are sent in plain text, so
it's not hard for the root to just "sniff" (look into) the packets and
find out the things there. Admins and other people often use sniffing
either for security purposes or to see what's going through their
network.

7.2.Root
For those of you that don't know, a root is the user of the system that
can do EVERYTHING on it. The root has FULL access to everything on a
system and can do whatever he/she wants with it.

8.Final Words

I hope you like this text and now you know what a root can do to you, so
be a little paranoid.
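
The check from section 4 depends on the server owner reading the logs for the bait account; the Python below is an added example (not the author's code) that does this over a constructed sshd/su-style auth log. The account name "hacker" (after the /home/hacker dir in the text), the host name, the addresses and the canary_hits helper are assumptions made for illustration.

```python
import re
from collections import namedtuple

# Constructed auth log for the server that holds the bait account.
# Host name and addresses are made up (documentation address ranges).
SAMPLE_LOG = """\
Mar  3 21:14:02 shellbox sshd[811]: Accepted password for maniac from 198.51.100.23 port 40112 ssh2
Mar  4 02:41:10 shellbox sshd[902]: Failed password for hacker from 203.0.113.5 port 51822 ssh2
Mar  4 02:41:19 shellbox sshd[902]: Accepted password for hacker from 203.0.113.5 port 51822 ssh2
Mar  4 02:43:55 shellbox su[915]: FAILED su for root by hacker
Mar  4 09:02:31 shellbox sshd[1033]: Accepted password for hacker from 198.51.100.23 port 40310 ssh2
"""

SSH_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) password for (?P<user>\S+) "
    r"from (?P<src>\S+) port \d+")
SU_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ su\[\d+\]: "
    r"FAILED su for (?P<target>\S+) by (?P<user>\S+)")

Hit = namedtuple("Hit", "ts kind user detail")


def canary_hits(log_text, canary_user, expected_sources=()):
    """Return uses of the bait account that the account owner did not make.

    Logins are compared against expected_sources (the owner's own
    addresses, empty if the account is pure bait). su lines carry no
    source address, so every failed su by the bait user is reported.
    """
    hits = []
    for line in log_text.splitlines():
        m = SSH_RE.match(line)
        if m:
            if m["user"] == canary_user and m["src"] not in expected_sources:
                kind = "login" if m["result"] == "Accepted" else "failed-login"
                hits.append(Hit(m["ts"], kind, canary_user, m["src"]))
            continue
        m = SU_RE.match(line)
        if m and m["user"] == canary_user:
            hits.append(Hit(m["ts"], "su-attempt", canary_user, m["target"]))
    return hits


if __name__ == "__main__":
    for hit in canary_hits(SAMPLE_LOG, "hacker", {"198.51.100.23"}):
        print(hit.ts, hit.kind, hit.user, hit.detail)
```

A hit from an address the owner never used means the credentials were read somewhere between sender and mailbox, which is exactly what happened in the story in section 2.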