- =*^*=*^*=*^--------------------------------^*=*^*=*^*=
- =*---------HOW TO DESTROY AN RBBS-PC SYSTEM---------*=
- =*----------PRESENTED BY PHREAK'S CABARET-----------*=
- =*^*=*^*=*^---------612 755 3432-----------^*=*^*=*^*=
-
-
-
- IN THE COURSE OF YOUR HACKING AND PHREAKING ACTIVITIES,
- YOU WILL RUN ACROSS A GEEK SYSOP OR TWO. IN THIS SERIES OF
- ARTICLES, I AM GOING TO DESCRIBE WAYS TO DESTROY THESE GEEK
- BOARDS. I WILL COVER MOST OF THE MAJOR BBS PROGRAMS IN THE
- COURSE OF THIS TUTORIAL SET. THIS ISSUE WILL DEAL WITH THE
- RBBS SYSTEM.
-
- BASIC SYSTEM FACTS :
- --------------------
-
- HARDWARE : IBM-PC (OR XT)
- 2 DRIVES
- 128K OR MORE
- HAYES SMARTMODEM
-
- FILES : COMMENTS TO SYSOP STORED IN "COMMENTS"
- MESSAGES STORED IN "MESSAGES"
- HELP FILES : "HELP01" - "HELP07"
- DOWNLOAD DIRECTORIES : "DIR" - "DIR 99"
- (DIR CONTAINS LIST OF DIRECTORIES ON CPC 12.1C AND OVER.
- IN EARLIER VERSIONS, ALL FILES ARE CONTAINED HERE.)
- USER FILES (PASSWORDS, ETC) : "USERS"
- SYSTEM CONFIG FILE (SYSOP'S PASSWORD, ETC) : "RBBS-PC.DEF"
-
-
- BUG #1 : DOWNLOADING THE USER FILE
- ----------------------------------
-
- VERSIONS THAT MAY BE ATTACKED THIS WAY : CPC 12.1C AND BEFORE.
-
- PROCEDURE : DOWNLOAD "USERS."
- READ PASSWORDS.
- HAVE PHUN.
-
- NOTE : LOOK FOR PASSWORDS MARKED "SYSOP". THESE PASSWORDS ON CPC 12.1F HAVE
- THE ABILITY TO DROP TO DOS.
-
- EXPLANATION :
- --------------
-
- IBM'S BASIC (BY MICROSOFT) IS A RATHER HIGH LEVEL BASIC, WITH MANY
- POWERFUL COMMANDS. PC DOS, HOWEVER, IS A RATHER IDIOT-PROOF DISK SYSTEM.
- THE PROBLEM LIES IN THE DIFFERENT WAYS DOS AND BASIC INTERPRET A STRING
- OF CHARACTERS. IN THE RBBS PROGRAM IS A LINE THAT SAYS :
-
- IF FN$ = USERS$ THEN 13520
-
- FN$ IS THE NAME OF THE FILE YOU REQUESTED FOR DOWNLOAD.
- USERS$ IS THE NAME OF THE USER FILE (USERS).
- 13520 IS THE LINE THAT PRINTS "FILE XXXX NOT FOUND. TYPE L FOR DIR"
-
- NOW THAT YOU KNOW HOW RBBS WAS MEANT TO TRAP HACKERS, IT IS EASY TO
- EXPLAIN THE FALLACY OF ITS WAYS. BASIC SAYS THAT "USERS" IS NOT EQUAL
- TO "USERS." (AND FOR GOOD REASON!!!). BUT PC DOS SAYS THAT "USERS" IS
- EQUAL TO "USERS.". SO YOU ARE ACCESSING THE SAME FILE, BUT UNDER 2
- DIFFERENT NAMES. SINCE THE SYSTEM ONLY TRAPS ONE OF THEM, YOU CAN USE THE
- OTHER ONE AND GET THE SAME DATA. THIS PROBLEM IS WELL KNOWN AND MOST
- RBBS SYSTEMS HAVE BEEN FIXED TO AVOID THIS BUG.
-
- BUG #2 : DOWNLOADING THE SYSOP'S PASSWORD
- -----------------------------------------
-
- VERSIONS ATTACKABLE : ANY RBBS UP TO VERSION 12.2, WHICH IS STILL
- IN TESTING BY TOM MACK.
-
- PROCEDURE : DOWNLOAD "RBBS-PC.DEFF"
- READ PASSWORD
- HAVE PHUN
-
- THE SYSOP'S PASSWORD IS CONTAINED IN A FILE CALLED "RBBS-PC.DEF".
- THERE IS A TRAP IN THE RBBS CODE TO PREVENT YOU FROM DOWNLOADING IT.
- BUT, HERE AGAIN, BASIC AND DOS ARE NOT IN AGREEMENT ABOUT THE
- EQUIVALENCE OF STRINGS. BASIC SAYS THAT "RBBS-PC.DEFF" <> "RBBS-PC.DEF"
- (AGAIN, RIGHTFULLY SO!!). BUT DOS TRUNCATES THE EXTRA CHARACTER,
- AND ALLOWS YOU TO GET THE SAME FILE UNDER THIS NAME. (NOTE THAT ANY
- CHARACTER WILL WORK AFTER THE "F" IN .DEF. SO IF THE SYSOP HAS FIXED
- THIS BUG, TRY ANOTHER CHARACTER. HE MIGHT HAVE BEEN TOO DUMB TO SET
- UP A LENGTH TEST AND JUST TRAPPED "RBBS-PC.DEFF"). THIS BUG, TOO, IS
- WELL KNOWN, AND MAY BE FIXED ON SOME BOARDS.
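-
- ADDED EXAMPLE (NOT PART OF THE ORIGINAL ARTICLE OR OF RBBS-PC): THE NAME
- MISMATCH BEHIND BUGS #1 AND #2 FROM THE SYSOP'S SIDE, WITH THE EXACT-MATCH
- TRAP BESIDE A CHECK THAT FIRST REDUCES THE REQUEST TO THE NAME DOS WILL OPEN.
- THE 8.3 REDUCTION IS A SIMPLIFIED MODEL, AND THE FUNCTION NAMES AND THE
- "LISTED" FILE SET ARE ASSUMPTIONS MADE FOR ILLUSTRATION.

```python
# Added example: a simplified model of DOS 8.3 name handling (an assumption,
# not RBBS-PC code). Function names and LISTED are illustrative.
PROTECTED = {"USERS", "RBBS-PC.DEF"}        # the two files the article says are trapped
LISTED = {"RBBS-PC.DOC", "TERM.EXE"}        # constructed sample download directory

def dos_canonical(name):
    """Reduce a requested name to the one DOS will actually open."""
    name = name.strip().upper()
    if not name or name.count(".") > 1 or any(c in name for c in '\\/:*?"<>| '):
        raise ValueError("not a plain 8.3 file name: %r" % name)
    base, _, ext = name.partition(".")
    base, ext = base[:8], ext[:3]           # extra characters are silently dropped
    return base + "." + ext if ext else base  # "USERS." and "USERS" are one file

def naive_is_blocked(requested):
    """The trap as the article describes it: exact string comparison."""
    return requested.upper() in PROTECTED

def hardened_is_blocked(requested):
    """Compare what the file system will open, not what the caller typed."""
    try:
        return dos_canonical(requested) in PROTECTED
    except ValueError:
        return True                         # unparseable names are refused

def may_download(requested, listed=LISTED):
    """Stronger policy: serve only names published in the download directory."""
    try:
        canon = dos_canonical(requested)
    except ValueError:
        return False
    return canon not in PROTECTED and canon in {dos_canonical(f) for f in listed}

if __name__ == "__main__":
    for req in ("USERS", "USERS.", "RBBS-PC.DEFF", "RBBS-PC.DEFZ", "term.exe"):
        print("%-14s naive_blocked=%-5s hardened_blocked=%-5s may_download=%s" % (
            req, naive_is_blocked(req), hardened_is_blocked(req), may_download(req)))
```

- THE ALLOW-LIST IN "may_download" IS THE STRONGER FIX: IT NO LONGER DEPENDS ON
- ENUMERATING EVERY SPELLING OF A PROTECTED NAME.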
-
- BUG #3 : OVERLOADING THE USER FILE
- ----------------------------------
-
- VERSIONS ATTACKABLE : ALL
-
- PROCEDURE : WRITE A PROGRAM THAT CALLS THE BOARD REPEATEDLY UNDER
- NEW NAMES EACH TIME.
-
- EXPLANATION :
- --------------
-
- THIS IS RATHER OBVIOUS. IF YOU KEEP FILLING UP THE USERLOG
- WITH BULLSHIT I.D.'S, YOU WILL CAUSE IT TO BECOME TOO LARGE, AND
- DOS WILL NOT ALLOW IT TO BE WRITTEN TO. THIS WILL CAUSE IT TO
- "FATAL ERROR" WHENEVER A CALLER LOGS ON.
-
-
- WELL, THAT ABOUT WRAPS IT UP FOR THIS TIME. NEXT TIME : HOW
- TO CRASH A NET-WORKS SYSTEM.
-
-