Page 144

Undergound. Go to Table of Contents.

   at Purdue to steal a copy of Deszip. Phoenix would do the actual

   hacking, since he had the fast modem, but he would talk to Electron

   simultaneously on the other phone line. Electron would guide him at

   each step. That way, when Phoenix hit a snag, he wouldn't have to

   retreat to regroup and risk discovery.


   Both hackers had managed to break into another computer at Purdue,

   called Medusa. But Spaf had a separate machine, Uther, which was

   connected to Medusa.


   Phoenix poked and prodded at Uther, trying to open a hole wide enough

   for him to crawl through. At Electron's suggestion, he tried to use

   the CHFN bug. The CHFN command lets users change the information

   provided--such as their name, work address or office phone

   number--when someone `fingers' their accounts. The bug had appeared in

   one of the Zardoz files and Phoenix and Electron had already used it

   to break into several other machines.


   Electron wanted to use the CHFN bug because, if the attack was

   successful, Phoenix would be able to make a root account for himself

   on Spaf's machine. That would be the ultimate slap in the face to a

   high-profile computer security guru.


   But things weren't going well for Phoenix. The frustrated Australian

   hacker kept telling Electron that the bug should work, but it

   wouldn't, and he couldn't figure out why. The problem, Electron

   finally concluded, was that Spaf's machine was a Sequent. The CHFN bug

   depended on a particular Unix password file structure, but Sequents

   used a different structure. It didn't help that Phoenix didn't know

   that much about Sequents--they were one of Gandalf's specialties.


   After a few exasperating hours struggling to make the CHFN bug work,

   Phoenix gave up and turned to another security flaw suggested by

   Electron: the FTP bug. Phoenix ran through the bug in his mind.

   Normally, someone used FTP, or file transfer protocol, to transfer

   files over a network, such as the Internet, from one computer to

   another. FTPing to another machine was a bit like telnetting, but the

   user didn't need a password to login and the commands he could execute

   once in the other computer were usually very limited.


   If it worked, the FTP bug would allow Phoenix to slip in an extra

   command during the FTP login process. That command would force Spaf's

   machine to allow Phoenix to login as anyone he wanted--and what he

   wanted was to login as someone who had root privileges. The `root'

   account might be a little obvious

   if anyone was watching, and it didn't always have remote

   access anyway. So he chose `daemon', another commonly root-privileged

   account, instead.


   It was a shot in the dark. Phoenix was fairly sure Spaf would have

   secured his machine against such an obvious attack, but Electron urged

   him to give it a try anyway. The FTP bug had been announced throughout

   the computer security community long ago, appearing in an early issue

   of Zardoz. Phoenix hesitated, but he had run out of ideas, and time.


   Phoenix typed:


   FTP -i


   quote user anonymous