The following section deals with Accounts on Unix systems.
All Unix systems have an account called root. This account is also commonly known as the superuser. Actually, any account with a user ID (UID) and group ID (GID) of zero could be considered a superuser account. It is possible that a system administrator will rename the root account for obfuscation, but this is rather impractical as many applications not only require that there be an account with UID zero but also require the name of the account be "root" to perform certain functions. As administrators do not wish to create more problems for themself, or have to patch more code than neccessary, this is a rare occurence.
Oh, and unless you've been living under a rock, you should already know that root is the holy name of God in Unix.
Here are a few other accounts and passwords (if known) commonly found on Unix systems:
|Some||daemon||(none)||Typically invalid for direct access|
|Some||bin||(none)||Typically invalid for direct access|
|Some||man||(none)||Typically invalid for direct access|
|Some||lpd||(none)||Typically invalid for direct access|
|Some||sys||(none)||Typically invalid for direct access|
|Some||nobody||(none)||Typically invalid for direct access|
|Some||ftp||(none)||Anonymous FTP acccess, requests email address in lieu of password|
|NeXT||root||NeXT||god (default password on shipped systems)|
|NeXT||me||(none)||Not seen on all systems|
Remotely, you have a few things you can try. Here are a few suggestions:
A lot of administrators are aware of the above techniques, and will often treat these probes as attacks themselves. Many sites refuse finger and ruser accesses, and a lot of sites have configured their mailer to either not respond to VRFY and EXPN or simply return nothing of value. Odds are good that sites that refuse these types of probes are usually logging these types of probes, so you may wish to probe from one location and attack from another.
If you can gain access locally, such as through a guest account, there are a number of things you can do to view possible account names. Try using some of the finger techniques from above minus the targethost, try typing 'w' or 'who' or even 'more /etc/passwd' to get account names.
Top | Next: Unix Passwords | Previous: Netware Mathematical/Theoretical Info | Table of Contents