---------- Forwarded message ----------
Date: Mon, 07 Sep 1998 00:40:00 -0600
From: Carolyn Meinel 
Subject: GTMHH: Part 1, How to Program in C


Guide to (mostly) Harmless Hacking

Vol. 5 Programmers' Series

No. 4: How to Program in C, part 1

	New hackers have been going by the droves to the top two places to get
computer break-in programs: http://www.rootshell.com and
http://www.netspace.org/lsv-archive/bugtraq.html.  Then they try to stick
these things into the windows of their Web browsers, throw them at their
would-be victim computers via telnet and ftp, print them out and burn them
at altars.  OK, I'm exaggerating, but only a tiny bit. Their problem is that
they don't know how to use these exploit programs.
	The reason for this cluelessness is that they don't know how to program.
To be specific, they don't know how to program in C on a Unix type computer!
	The problem is that there are so many super easy ways to break into
computers, and so many hackers who never learned to program, that lots of
people assume it is all easy. But if you are serious about breaking into
well-defended computers, and especially if you are serious about learning
how to defend Unix type computers, you must learn how to write, patch and
compile C code into working programs.  
	If you aspire to become an Uberhacker against Unix systems, you absolutely
MUST become a C programmer.  One heck of a good C programmer!
	If you want to escape us playing practical jokes on you when you play
Hacker Wargames, you absolutely MUST become a C programmer.

In this Chapter you will:

* Learn why you must be able to compile C programs if you want to patch
security holes
* Learn how to link and compile C programs
* Write your first C program
* Discover that C can be fun and easy
* See a C exploit program explained
* Learn basics of porting C exploit programs so they will compile and run
successfully on your particular computer.

	In order to do this lesson, you must have a shell account, whether at an
ISP or by running some kind of Unix on your home computer.  DO NOT email us
asking how to get a shell account!  The answer is in the chapter "How to Get
a Good Shell Account."
	Why is C the single most important programming language for a hacker to
learn? C is the language in which the Unix class of operating systems is for
the most part written.  It also is the language of almost all applications
that run on Unix.
	As one of my hacker friends who insists on anonymity explains, both Unix
and C "were developed by the same team at Bell Labs, and complement each
other nicely.  Unix was not originally written in C, but was re-written in C
to make it easier to understand/maintain/debug and a lot of other reasons.
This was not without controversy, but it was Ritchie's decision (the
inventor of C), and I believe he was proven right."
	Not surprisingly, then, most exploits are also written in C.  True, you
don't even need to learn to compile a C program to use these exploits -- if
you can get someone else to give you a version of that exploit compiled to
run on the type of operating system and shell you are planning to use for
the break-in. 

Newbie note:  Wonder why there are all those "Free Kevin Mitnick" Web sites
in the haxor scene?  Many people think it is ludicrous to keep that man
behind bars because he was such a lame hacker that he apparently didn't even
know how to program.  In fact, there is evidence that he didn't even compile
his own C programs!  There are transcripts of him on IRC begging his friends
to compile programs for him.

	C is especially important for White Hat hackers because you don't have a
prayer of a chance to patch security holes in your computer unless you can
compile and run C programs to fix the problem parts of your operating system. 
	Meino Christian Cramer adds, "And: using precompiled binaries/executables
is always a risk. Think of the ... viruses introduced to computers by simply
executing 'I-believe-it-has-no-virus'-programs. Using the source code
instead... you can check the code for "back doors" and 'traps' -- which
means you have to learn 'the one and only' C..." 
	C also is good for hacking because it is able to run "low level" code as
part of its language.  In programming, "low level" means that you can play
with the most basic things on your computer, for example opening and closing
sockets or linking to the information on what sockets are open at any given

Newbie note:  A socket is a round-trip or two-way network connection.  For
example, when you telnet into another computer's login sequence, you connect
to port 23 on that computer.  It completes a round-trip connection by
assigning some high number port, for example port 3587, to complete the
socket.  If you have a shell account on a good ISP, you can see everyone's
sockets by giving the "last" or "netstat" commands.
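
The newbie note above describes a connection as a pair of ports: the port the client connects to and a high-numbered port assigned for the return path. The following C program is an added example, not part of the original guide; it opens one connection on the loopback interface and reads both port numbers back with getsockname() and getpeername(). It listens on a kernel-chosen port rather than port 23 (binding ports below 1024 normally requires root), and the names struct ports, port_of and socket_pair_ports are made up for this example.

```c
/* Added example; struct ports, port_of, socket_pair_ports are illustrative names. */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>
struct ports { int listen_port, client_local, client_peer, accepted_peer; };

/* Port of our own end (peer = 0) or of the far end (peer = 1); -1 on error. */
static int port_of(int fd, int peer)
{
    struct sockaddr_in a;
    socklen_t n = sizeof a;
    int rc = peer ? getpeername(fd, (struct sockaddr *)&a, &n)
                  : getsockname(fd, (struct sockaddr *)&a, &n);
    return rc < 0 ? -1 : ntohs(a.sin_port);
}

/* Returns 0 and fills *p on success, -1 if any socket call fails. */
int socket_pair_ports(struct ports *p)
{
    struct sockaddr_in a;
    socklen_t n = sizeof a;
    int rc = -1, cli = -1, conn = -1;
    int srv = socket(AF_INET, SOCK_STREAM, 0);    /* the listening side */
    memset(&a, 0, sizeof a);                      /* sin_port 0: kernel picks */
    a.sin_family = AF_INET;
    a.sin_addr.s_addr = htonl(INADDR_LOOPBACK);   /* 127.0.0.1 only */
    if (srv < 0 || bind(srv, (struct sockaddr *)&a, sizeof a) < 0 ||
        listen(srv, 1) < 0 || getsockname(srv, (struct sockaddr *)&a, &n) < 0)
        goto out;
    cli = socket(AF_INET, SOCK_STREAM, 0);        /* the connecting side */
    if (cli < 0 || connect(cli, (struct sockaddr *)&a, sizeof a) < 0)
        goto out;
    if ((conn = accept(srv, NULL, NULL)) < 0)
        goto out;
    p->listen_port   = port_of(srv, 0);
    p->client_local  = port_of(cli, 0);   /* high port assigned by the kernel */
    p->client_peer   = port_of(cli, 1);   /* the port the client connected to */
    p->accepted_peer = port_of(conn, 1);  /* the server's view of the client */
    rc = 0;
out:
    if (conn >= 0) close(conn);
    if (cli >= 0) close(cli);
    if (srv >= 0) close(srv);
    return rc;
}

int main(void)
{
    struct ports p;
    if (socket_pair_ports(&p) != 0) return 1;
    return printf("server port %d <-> client port %d\n",
                  p.listen_port, p.client_local) < 0;
}
```

Compile it with "cc -o ports ports.c"; while a connection is open, "netstat -an" lists the same two port numbers as the local and foreign addresses.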

	Another important thing about C being a high level language that easily
incorporates low level (assembly language) commands is that you can write it
to run super fast. 

How to Turn C code into a Working Program

	One of the great character flaws -- or is it strengths? -- of most hackers
is a burning desire to make something work RIGHT NOW, DARN IT!  Are you
ready to become a C programmer?  How about becoming one NOW!
	The first thing you need is a C compiler.  While in your shell account,
give the command "cc".  If you get the message "command not found," try the
command "gcc".  If these don't work, try "whereis cc", "whereis gcc", "which
cc" (in Linux), "locate cc" or "locate gcc".  If none of those work,
complain to tech support at your ISP.  Don't email us, because we can't help
you with this problem!  If you have a free shell account, and it doesn't
offer a C compiler, maybe you should consider paying for a good shell account.
	If these commands tell you where the C compiler is, try either changing to
that directory or including a path statement to that directory in your login
	So, are you ready to write your first C program?
	At the prompt in your shell account, type "pico hello.c".  The command
"pico" brings up a super easy editing program.  All the commands are listed
at the bottom of the screen.  Even I could learn how to use pico in a few
minutes without help. 

Newbie note: Don't worry if you make mistakes with pico.  There is nothing
you can do to seriously hurt your computer unless you are root.  How do you
know if you are root?  If you have to ask this question -- you aren't:)

	If you can't find pico, or if you are one of the rare people who hasn't
learned yet to program in C, yet who knows how to use a more advanced
editor, try "man vi" or "man emacs" to learn how to use a more powerful, but
harder to understand, editor.
	At the prompt in your editor, type in these lines exactly the way they are


#include <stdio.h>
void main()
{
    printf( "Hello, hackers!\n" );
}

	Next, save this program with the command "control-X". 
	Now give the command "ls".  This will reveal that you now have a file named
"hello.c".  The "c" at the end of this file name identifies this as a file
containing C commands.  Congratulations, you are already halfway to making
your own C program.
	However, at this point, if you type in the command "hello" or even
"hello.c", just like you would to run a shell script (program), nothing will
happen.  That is because this file is still just "source code," a listing of
commands that your computer doesn't understand.  This is different from
shell programs which only have commands that your computer already
understands without having to compile them first.  Shell programs are called
"interpreted" languages, meaning your computer can automatically interpret
the shell commands you give it. By contrast, C is a language that must be
compiled before your computer understands what you are asking it to do.
	So our next step must be to compile hello.c.  Give the command:

cc hello.c

	Or, if this doesn't work, give the command "gcc hello.c".  Throughout the
rest of this chapter we will assume "cc" is the correct command, so if you
need to give the command "gcc", please replace cc with gcc in everything below.

Wizard tip: Your system may offer a choice of C compilers.  On some systems
"cc" will run a compiler written by the company that also wrote the
operating system for your computer, while "gcc" will run the GNU C compiler.
Every C programmer I know says the GNU compiler is best.

	What this does is:
1) start your C compiler running with the "cc" command
2) with the "hello.c" part of the command you tell the compiler where to
find the source code you just wrote.
3) the compiled program is, in most cases, automatically stored as a.out.
(If it wasn't stored as a.out in your case, you will get the solution to
your problem in a few more paragraphs.)

	Now -- the big event.  Let's run your first program.  Simply give the
command "a.out".  Your computer should say back to you, "Hello, hackers!"
Congratulations!  You are now a C programmer.
	Did your program not run?  Let's do some troubleshooting.  First, say over
and over again, "I love Unix.  I swear I do!  Honest!  I love C, too!"  Now
try to compile and run this program another way.  You start with the same
code as before, which is saved in the file "hello.c".  However, this time,
give the command:

cc -o hello hello.c

	What this does is: 
1) start your C compiler running with the "cc" command using the -o switch.
A quick use of the command "man cc" tells us that the switch "-o" after the
"cc" tells your compiler to output the compiled version as a file with the
name of your choice.
2) the "hello" part of the command tells the compiler that this is what you
want to name your compiled program
3) with the "hello.c" part of the command you tell the compiler where to
find the source code you just wrote, which you input into the compiler.
	Now -- simply give the command "hello".  Your computer should say back to
you, "Hello, hackers!"  Congratulations!  You are now a C programmer.
	Still doesn't work?  Try giving the command "chmod 700 hello".  
	STILL doesn't work?  This is a long shot, but maybe it will solve your
problem.  If your shell account is set up like mine, no program can execute
from the home directory.  It's a precaution I take against Trojans.
(Imagine this, sometimes meanies put surprises in my account.) However, I
have a directory named "bin" in my account.  Normally on Unix systems we
name directories that hold programs "bin".  On my account, that's where I
put the programs I write.  So look for a directory "bin" under the home
directory in your shell account.  If it doesn't exist, create it with the
command "mkdir bin".  Don't forget to give the command "chmod 700 ~/bin"
afterwards!  Move "hello" into it with the command "mv hello bin/hello".
	STILL DOESN'T WORK???  Here's the bad news.  There are so many kinds of
Unix, and so many shells to interpret your commands, and so many ways to
configure Unixes -- I may not be able to solve your problem.  As the C bible
that we like to call simply "K&R" (The C Programming Language by Kernighan
and Ritchie) warns, "Just how to run this program depends on the system you
are using."  
	So don't phone or email me for help.  Call tech support at your ISP!
That's what you are paying them for, right?  They WILL get your C program
working -- if they allow users to compile C programs.  You may even make
friends with the tech support guy you call, as it is really rare and usually
makes tech support guys happy when a customer asks a programming question
instead of the usual lame stuff.
	However, before calling tech support, maybe you had better rewrite your
program first to say "Hello, world" instead of "Hello, hackers!" just in
case the tech guy you talk to is paranoid enough to kick you off for trying
to be a hacker.

"Hello, hackers!" Program Explained

	So how did this program work?  Let's look it over line by line.  The first
line is "#include <stdio.h>".  This simply tells the computer how to accept
input and make output ("stdio" is short for "standard input and output.")
If you were to leave this line out, the computer wouldn't know how to output
the message "Hello, hackers!."
	The second line is "void main()".  It tells the computer this is the main
function under which all other C functions will run.  "Main"  might use many
other functions (programs) while it is running, in this case the stdio
program.  The "void" tells the program that it doesn't have to pass a value
to any other program when it is done running.  You don't have to write
"void" in front of "main()," but it's good programming practice.
	The third line is just one character: "{".  This tells your computer to
expect the beginning of the main function.
	The fourth line is "printf( "Hello, hackers!\n" );".  The "printf" command
tells the computer to use the stdio program to figure out how to print
something to your monitor screen.   "( "Hello, hackers!\n")" tells it what
to print: the words "Hello, hackers!" followed by  \n, which means "enter"
(or "new line").  You have to have a new line command so your program will
give a prompt back to you after it has run. 
	The ";" tells the C compiler that this is the end of this command, that
whatever it sees next is the start of a new command.
	The last character is "}" which simply means it is the end of the main

Why C Exploit Programs Might not Work

	Now comes the big question.  You download a bunch of exploit programs and
try to compile them and they don't work.  Aha, you have just discovered why
hacker gangs are so popular.  There are many groups of criminal hackers out
there who help each other out by figuring out how to compile exploits.  That
is how Kevin Mitnick got as far as he did -- he had his buddies compile
programs for him.
	However, I presume you are reading this not to become a criminal, but
because you are willing to do a little work, and learn enough to not only
break into computers -- but learn how to defend them, too.  For this you
must become good at C programming.
	Here's how to get good.

1) Buy the book The C Programming Language by Brian W. Kernighan and Dennis
M. Ritchie (Prentice Hall, second edition, 1988).  This is the Bible of C
programming.  Real hackers simply call it "K&R." You can get eliteness
points by responding to guys who talk reverently about "K&R" by saying, "Oh,
yes, Kernighan and Ritchie.  Brilliant book."  The reason this book is so
good is that one of the authors, Dennis Ritchie, is the creator of the C
language.  Valerie Henson adds, "K&R is almost magical in the way it
explains C.  I have strong feelings about this book. :)" You can buy it from
anywhere in the world at http://www.amazon.com.

2) You will quickly discover that no one book on C will tell you all the
possible commands.  If you want to learn as much as possible about C, you
need to study the source code of C programs you admire.  With each line, use
the "man 2" command while in your shell account to learn about it, for
example, "man 2 write". (This presumes your sysadmin has installed the man
pages for C.)  Then try writing some small programs to test each command to
make sure you understand what it does.  For examples of elegant C program
source code complete with explanations, get Internetworking with TCP/IP
Volumes 1,2 and 3, by Douglas Comer and David L. Stevens (Prentice Hall,
1995).  Volumes 2 and 3 are almost all C source code.

3) You will absolutely hate this.  Just as there are many kinds of Unix and
many different Unix shells, there is more than one version of C out there.
But help is on the way.  There is a version of C called ANSI C (for the ANSI
standards board) which is coming to be widely accepted.  All we have to do
now is persuade the people who write programs to break into computers to
adopt the ANSI C standard!

4) You might need to find some new friends who will help you figure out what
to do to successfully compile and run some obstreperous C program.  Try
enrolling in a course on C at a GOOD college or university.  However, talk
to the other students or the professors before you spend money signing up
for a course.  I swear this is true, one college teaches C using C for
Dummies as a textbook.  While that book may be helpful for home study --
surely a college professor can show his or her students enough respect to
teach from K&R!  However, if you can get a good college course, don't expect
to learn how to compile exploits from it!   What you can do is hang out with
students and teaching assistants and professors and meet people who can give
you help on how to modify programs so they will compile on your computer.
	If you can't find a good college nearby, another possibility is to join a
Linux Users Group (LUG).  To find one in your neighborhood, see
	Cramer suggests, "try to post question to newsgroups and mailing lists
(that discuss C programming). But ...   
Posting a question like "My hello.c prints 'Hello, good bye' instead of
'hello hackers -- what should I do?' to a mailing list -- say -- the Linux
kernel developers list, will give you -- hrmmm -- some interesting results..." 
	Or get a job doing tech support at a local Internet Service Provider.
Usually there will be some talented C programmers working there.
	Whatever you do, don't join a gang of computer criminals!  They usually
know much less about C programming than do computer science students, Linux
User Group members, and employees of ISPs.

5) Read Meino Christian Cramer's Guide to C programming at the Wargames page
on http://www.happyhacker.org.  Try emailing questions to him at the address
on that Web page. He gives a great overview of the most important concepts
in C programming, with some example programs for you to write.
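
Item 2 above suggests reading "man 2 write" and then writing a small program to check what the call really does. The following C program is an added example, not part of the original guide; it checks the return value of write(), retries after a short write or an interrupted call, and round-trips a message through a pipe. The names write_all and pipe_round_trip are made up for this example.

```c
/* Added example; write_all and pipe_round_trip are illustrative names. */
#include <errno.h>
#include <string.h>
#include <unistd.h>

/* Keep calling write() until all len bytes are out.
 * Returns len on success, -1 on error with errno left as write() set it. */
ssize_t write_all(int fd, const void *buf, size_t len)
{
    const char *p = buf;
    size_t left = len;

    while (left > 0) {
        ssize_t n = write(fd, p, left);   /* may write fewer bytes than asked */
        if (n < 0) {
            if (errno == EINTR)
                continue;                 /* interrupted by a signal: retry */
            return -1;                    /* real error, e.g. EBADF */
        }
        p += n;
        left -= (size_t)n;
    }
    return (ssize_t)len;
}

/* Send msg through a pipe and read it back.  Returns 0 if the bytes match. */
int pipe_round_trip(const char *msg)
{
    int fds[2];
    char back[128];
    size_t len = strlen(msg);
    ssize_t n;

    if (len > sizeof back || pipe(fds) < 0)
        return -1;
    n = write_all(fds[1], msg, len);
    close(fds[1]);                        /* reader sees end-of-file after msg */
    if (n == (ssize_t)len)
        n = read(fds[0], back, sizeof back);
    close(fds[0]);
    return (n == (ssize_t)len && memcmp(back, msg, len) == 0) ? 0 : -1;
}

int main(void)
{
    const char *msg = "Hello, hackers!\n";

    if (pipe_round_trip(msg) != 0)
        return 1;
    /* Same output as printf() in hello.c, but through the raw system call. */
    return write_all(STDOUT_FILENO, msg, strlen(msg)) < 0;
}
```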

Where are those back issues of GTMHHs and Happy Hacker Digests? Check out
the official Happy Hacker Web page at http://www.happyhacker.org.

We are against computer crime. We support good, old-fashioned hacking of the
kind that led to the creation of the Internet and a new era of freedom of
information. But we hate computer crime.  So don't email us about any crimes
you have committed!

To subscribe to Happy Hacker and receive the Guides to (mostly) Harmless
Hacking, please email hacker@techbroker.com with message "subscribe
happy-hacker" in the body of your message.

Copyright 1998 Carolyn Meinel.  You may forward, print out or post this
GUIDE TO (mostly) HARMLESS HACKING on your Web site as long as you leave
this notice at the end.

Carolyn Meinel
M/B Research -- The Technology Brokers