phrack/phrack5/3.txt

594 lines
22 KiB
Plaintext

==Phrack Inc.==
Volume One, Issue Five, Phile #3 of 12
[/][/][/][/][/][/][/][/][/][/][/]
[/] Hacking the Dec-10 system [/]
[/] written by, [/]
[/] Carrier Culprit [/]
[/][/][/][/][/][/][/][/][/][/][/]
Revised Edition....
Note: This file was distributed by accident, it was not finished. This is the
new and revised edition. If you see my file distributed on some AE, BBS,
Catfur, and it's not the revised edition please ask the sysop to delete it.
Thank-you.
------------------------------------
Part I: Logging In, and simple cmds.
------------------------------------
Note:Sysop's may download this file
but please keep the appropriate
credits.
Welcome to Hacking Dec 10's!
There is one way to recognize a Dec-10, you will get the "." prompt. First
there will be a little login message, sort of like a login on a BBS. For
example-
NIH Timesharing
NIH Tri-SMP 7.02-FF 19:57:11 TTY12
system 1378/1381/1453 Connected to Node Happy(40) Line # 13
Please LOGIN
.
Now, you've gotten so far that you have found a Dec (Digital Equipment Corp),
you will need to know the format of the login.
[Login format]
The users have numbers called PPN's which stands for "Project/Program Number".
The format of a PPN number is [X,X]. The first number is the the Project number
and the second is the Program Number.
ie-
.Log 12,34
Job 64 NIH 7.01 KL 64-UC TTY12
Password:
The password can range from 1-8 characters long, it may contain numbers,
initials, or something of the sort. Try and think, if I were a user what would
my password be. I doubt that method would work but it's worth a try.
Now say this is your very first time on a Dec 10 system. Now if you want to
see some information about the system and some commands you may want to type-
.Help
This will tell a little more about the system you are on. It will tell you how
to get information on a specific topic. It may also give you the number to
their voice dial-up just in case your having trouble.
Now the dial-up (voice) may help you if your good in BS'ing. Usually the Help
command will tell you to consult your 'Dec 10-system guide' for more
information.
Now say you want a list of commands to execute. You can type-
.Help *
You will then get the following commands- Which are too many to type in but
you will recognize them when you type Help *.
Now after it shows all the commands it will then tell you how to login. It
will not give you a demo account, but will give you an example login.
It will say something like, "The Login command is used for accessing the
Decsystem-10 timesharing system."
To login please enter your project,programmer number pair.
LOGIN XXX,XXXX
The system will prompt you for your password. If your PPN or password is
wrong you will then be prompted with a message that says-
Enter Project,programmer #xxx,xxxx
Password:
End of that.
Now, there are some other useful commands you may enter while still *not*
having a account. You can access Decnet which I will discuss later which is
very nice to a hacker.
Now, there is also a command you can execute called "Help Phone". What this
does is, it lists the numbers of different Dec related staffs. etc....
Example-
.Help Phone
DCRT/CCB/DECsystem-10 Information Phone numbers (4/86)
Recorded message Dial xxx-xxxx
Dec-10 operator Dial xxx-xxxx
Dec-10 staff Dial xxx-xxxx
Terminal Repairs Dial xxx-xxxx
Classes/Courses Dial xxx-xxxx
Users Area Phone Dial xxx-xxxx
Project Control Office Dial xxx-xxxx
NOTE:This is the same area code as the Decsystem.
Now the two numbers which would be the most important to you would be the
number of the Dec10 operator and the Dec10 staff.
Now the most important command which can be executed on the Dec10 which is
good to use is "Systat"; this will list PPN's, time, running job, time elapsed.
Once you get that PPN you can start hacking away. Using systat is the simplest
and easiest way to get PPN's. It will just be easier to type "SY" instead of
"Systat", they are both the same thing except sy is the abbreviation.
Now here's a little example of what you would get by executing the "sy"
command.
.SY
Status of Brown University 603A at 11:52:33 on 29-Jan-86
Uptime 187:12:22, 80%Null time = 80%idle + 0%Lost
7 Jobs in use out of 128. 19 logged in 4 detached out of 89 (LOGMAX)
Job Who What Run Time
1 [OPR] OPSER 3:22
2 [OPR] DIALOG 1:29
3 [OPR] BATCON 4:01
4 [OPR] SYSINF 51:13 01
5 24,2 SYSTAT 4:52
6 2332,21 DIRECT 2:22
7 32,22 SYSTAT 8:19
There will also be more stuff along with the above. Now you shouldn't concern
yourself with it, that's why I didn't add in. Now also there will be more
sub-headings than run time, who, what, and job. You also shouldn't concern
yourself with that either.
Now everything is really self explanatory which is up there. Now for
beginners who are reading this file I will just tell you what that means Job is
no concern. Who is telling you what kind of person is on the system. [OPR]
means Operator, and the numbers such as, 24,2 are referring to regular users
with PPN's. Now the next column which is "What". This is telling us what they
are executing or what they are presently doing on the system. Run time is
telling us what time they logged in. They are using military time. Now under
systat you can find: System File Structures, Busy devices, Height segments, and
Disk Structure. Don't worry about that stuff now.
Now you've finally got yourself some PPN's, well the next thing to do is to
login using the procedure I showed you with Log. Enter the PPN xx,xx, and try
to hack out some passwords.
I will now give you a list of passwords which I have currently used to get
into a Dec10. If these passwords don't work well I am sorry you'll just have to
try some yourself.
Note: You can also make a little program having it testing out different PPN's
and Passwords.
List of Passwords--
-------------------------------------
Sex Dec Decnet
Games Test Dcl
System Computer Password
Help Link List
Secret Default Modem
Account Terminal Acsnet
Ppn Operator Connect
-------------------------------------
There are many more passwords people use but I just put some common ones.
You can also try random passwords like, AA, AAB, AB, CC, etc..
Now that is it on logging in. I spent a little too much time on this but
since this will be a two part file, I will discuss more commands that I don't
get around to discuss in here in part II. Now this file is intended for the
beginner so you experienced Dec hackers are bored now or will get bored later.
Note: If connected to Acsnet, just type AcsDec10 to access the Dec. Everything
else that I mentioned in the login will work.
[In the system]
Now will assume you've finally gotten into the system after hacking your
brains out. Now, this is how you will know you are in the system.
Example-
.Login 21,34
Password:
Note: You usually get two tries to enter PPN and Password.
The Dec will introduce itself, saying when the last time you were on, etc.
Also if you may do something like this to log-on.
.Log 12,34
JOB 51 NIH 7.01 KL 64-UC TT12
Password:[c/r]
Other jobs detached with same PPN:
Job 34 running SYSTAT in ^C state
Do you want to ATTACH to this job? yes
Attaching to job 34
Now, what you are doing is attaching to an idle PPN. See, while someone else
is on the system, about 10 minutes <max=15 mins> before you, they can input a
command that will allow them to logoff and he can attach back to that PPN when
he logs back on. That person will then be put to the place where he logged off
at. If I were using 'sys', and I logged off. I would use the command 'detach'.
Now the person would have 15 minutes to call back and attach to his PPN.
There's one other way to attach to an account. If the person doesn't type
something for awhile he will automatically be logged off and if you call within
15 minutes you may be able to attach to his PPN.
Note: You may still have to login.
Ok, we are now in the system after it has verified itself. What do we do? Well
first let's take another look at the "systat". We notice there is one other
person logged in. But we see he is in "exe", this means he is doing nothing or
he's detached. In other words, don't worry about it.
Now if we wanted to change our password, we would type-
/Password
After we do this, the system will ask us for our old password and our new
password, but we should leave the password the way it is so we won't be
discovered. But it's a good thing to know.
Now we can take a look at other users files. We can do this by typing-
Dir [*,*]
*=Wildcard
This will show you files of users who have their files set for public access.
Now lets say we want to take a look at someone's file. We would type-
Dir [12,11]
If 12,11 was the user number we wanted we would type that inside the brackets.
Now there are many types of files. Now you may have looked through someone's
dir, or looked through a wildcard and noticed some files. On most files you may
have seen the words 'txt' or 'exe'.
For exe you will type-
[PPN]filename.exe
for txt you will type-
type filename.txt
You may also see file types such as: dat, bas, cmd, pcl, bin, hlp, and some
others.
<1>Exe=executable, which means that you can run these files from the "."
prompt.
<2>Txt=Text, these are text files which may contain: information, data or other
numerous things. These are files you may see on most every user who has a
public directory, and I find the most popular on Dec-10's.
<3>Bas=Basic, these files are written in of course basic, and must be used in
basic. To enter that on a Dec-10, just simply type Run Bas or if that doesn't
work type plain old basic.
Note: The basic files are to be used like any other basic file, load them up
and run them.
These are the most common files you may encounter. But when you master those
types of files you can go on and check out the other types of files.
Another way of reading files, is by typing-
File:[*,*]<command>
Once again the '*' is the wildcard.
[Creating a Directory]
To create a directory you can type at the main prompt- 'Credir'
There are 2 levels for a directory, the first level is-
Class and the second is Tvedit.
Now say we have a nice prived account, so we can have a 2 level directory. We
would type-
Create Directory:[,,class,tvedit]
The Dec-10 would reply by saying-
Created Dska0:[x,x,class]Sfd/protec:775
Created Dska0:[x,x,class,tvedit]sfd/protec:755
x,x=The PPN you are using, and the Dska0 is the device.
Now we can name our directory by typing-
/Name:<what you want to call it>
Note: You don't need the brackets.
We can protect it by typing:
/Protect:<name>
There are more '/' commands so you can take a look at them by doing '/help'.
Enough of directories.
[Privs]
What almost every hacker wants when he logs onto a system is an account with
privileges. If we have an account with privileges we can make our own account
and do some other worth while things. Now on a Dec10 a prived account almost
always begins with a '1'. Ex- 1,10. Now we can check the system status (sys)
and see if we see anyone under a 1,x account. If we do then we can begin
hacking the password. Now if you get in under '1,2' well that's another story.
Hehe. Now say we do get in under a privileged account. Now first of all to
activate our prived accounts we would type 'enable' this will either give us a
'$' prompt or a '#' prompt. Whichever, it doesn't matter. We can still do what
we have to do. Now let's say we want to make up a nice account, we would type-
$Build[x,x] or Create[x,x]
After we do that we can edit that PPN or if it's new make up our own.
Now, I should've mentioned this before but, if you get in on a 1,x account
make sure there is not another user logged in under the same account. If it is
they may change the password, but even if they are in 'exe' and may be detached
we don't want to take any chances now. Now I suggest going on in the late
evening, early morning or if your home from school one day just call at noon or
so.
There are many different levels of privs, there's the operator, wheel, and
CIA. CIA being the highest since you can do anything and everything.
Now if you have operator privs you can do the above which was make up an
account and create a nice directory. This will also be nice when attempting to
get into Decnet.
Now also if you make up a prived account, you should type-
Help Phones <as I mentioned before>
At the main prompt. You will get a list of phone numbers including the system
operator's number and system managements. Now they are open usually from 10am
to 5pm. Call during those hrs. and ask them if you can have a Decsystem
timesharing guide. They will ask you questions like what's your name, PPN and
password so have that ready. If they ask you why didn't you already receive
one, just say you've just gotten a account and you were never informed about
the manual.
This manual is very helpful. It will tell you commands, explain them in
detail, new features, games, etc. Don't order the manual the day you get your
account, wait maybe 4 days or so, then give them a call. They will usually send
it out the next day, unless they get lazy like most of the system operators do.
It's usually safe to have it sent to your house, but if you feel nervous well
get it sent to another place.
[Mail Subsystem]
Sometimes you may know of a friend who also has an account on the same Dec10
you are on. Your friend may not be on the system right now, so that eliminates
sending messages to him. But there is 1 alternative which is to send mail. With
mail you need the person's name. To access mail type-
Run Mail
You will then receive the prompt 'MailC', at this prompt you type-
MailC:Send
Now you will be asked questions on who you want to send the mail to. It will
look something like this-
.Run Mail
MailC:Send
to:Death Hatchet
Subject:Disk Crash
Text:
Yo! My file disk got ruined with //e Writer. See ya.
Now when your finished with your text just type '.done' or '.d' on a blank
line to indicate that your finish. The Dec10 will reply by saying-
Death Hatchet--Sent
-and will return you to the 'MailC' prompt. Now if you wanted to send the same
message to two people you would do everything I did above except when it says
'to:' you would type-
To:Death Hatchet,The Rico
The only difference is the comma. You MUST have the comma separate the two
names in order for the system not to take it as one whole name. Once the mail
has been sent, the user Death Hatchet will receive it when he logs on. After he
gets the little welcome messages and his stats from when he last logged on, the
mail will automatically be read to him like this-
From:Carrier Culprit Postmark:20-Mar-86-08:12:27
to:Death Hatchet
Subject:Disk Crash
Yo! My file disk got ruined with //e Writer. See ya.
It will then read other pieces of mail if he has any more. If not, it will
just go to the main prompt. If you want to read the mail again, go to the mail
section and type 'read' instead of send. You will then be able to save it for
your next call or kill it. Sometimes mail won't show up when you first logon so
go to the mail section anyway and check just in case.
On some of the older Dec10 systems mail was not used, you would just send a
message. Mail was added to the Dec10 system in the mid 70's. No big deal, but
just something to know. If you run mail and you don't get into the mail section
try 'run mai'. The 'run mai' is used on some of the earlier systems, but
usually the system acknowledges both.
Never send violent mail to system operators, they will log you off and do away
with your account. If you do, I suggest having another account (PPN) on hand.
On some of the newer Dec10 systems, you can forward mail, which you do by
typing 'Frd Mail' at the 'MailC' prompt. The system will then ask you where you
want it forwarded to, their password, your password. The system operator views
this and checks with both parties and he/she will leave you mail saying that it
is done. This is really being tested but I've seen it in operation on some
Dec10's in 714.
[Information]
This is another handy command that can be used to your advantage. It gives you
information on jobs and PPN's. You don't get passwords but you can get some
good stats. If you type 'info' or 'help info' you will get a list that would
look something like this-
To look at one of the following do-- Info XXXX
Switch Meaning
====== =======
. Information on your job
[??,??] Information on that PPN
ALL Information on all PPN's
ALL:LOPR Information on all Local Operator Jobs(1,2)
ALL:OPR Information on all Operator jobs (1,2)
ALL:ROPR Information on all Remote Operator jobs
ALL:Users Information on all users
Batch Information on all batch jobs
Detached:ALL Information on all Detached PPN'S
Detached:OPR Information on all Detached Operator jobs
Detached:Users Information on all Detached users
Detached:LOPR Information on all Local Operator jobs
And the list goes on. If you want the whole list just type 'Help Info'. It
will also give info on disk devices, directories, and other stuff. Some of the
Dec10 systems don't support this, but you will find that most of them do.
The '1,2' which is next to the Operators are system operator accounts. I
mentioned that before, so you won't get confused. Most files are kept under
this account so if you get in under it you'll have a lot to do....hehehe.
[Watch]
This command will show you your stats. You will be able to toggle it. You can
toggle it on which will display on the top of your screen or just look at it
once. The watch will show you-
Run---which means your CPU time.
Wait--which means your elapsed time since started.
Read--number of disk blocks you have read.
Write--number of disk blocks you have written.
If you have system privs, type-
Watch[x,x]
You can watch another person if you have these privs. It will also show you
information. Many operators use this so be careful in what you type.
[Other commands]
If you want to find out some information about someone type-
Who Their name job# TTY
Now I could do something like-
Who Carrier Culprit 4 #7
This is saying that Carrier Culprit is logged in on job 4 and is on TTY #7. The
monitor will also display the user's PPN, and other information dealing with
his status on the system.
-------------------------------------------------------------------------------
Now if you notice one of your friend's are on TTY10 and you want to send him a
message you can type-
Send TTY10 Congratulations on passing your exam
The user on TTY10 will receive the message and may have the capability of
replying. You can also use this to meet new friends, especially a system
operator who is pretty cool and can give you some accounts, but don't count on
it.
-------------------------------------------------------------------------------
If you would like to talk to someone one on one, you can type-
Talk TTY10
You will now be able to talk to each other, chat, but like I said, watch what
you say sometimes, but don't get to paranoid that the system operator is
watching. Usually if the system operator is under 'Watch' or 'Exe' he may be
watching a certain user. This is just basically a chat system, so have fun with
it.
-------------------------------------------------------------------------------
If you have a prived account go into 'enable' and type-
Whostr
This will give information about users logged in and the directories.
-------------------------------------------------------------------------------
If you need the time, just type 'time'. If you have math homework just type
'aid' for desktop calculator.
-------------------------------------------------------------------------------
Ctrl-characters Case Commands
=============== =============
ctrl-s = pause If you support lower case type:
ctrl-q = resume 'Set Terminal LC'
ctrl-c = abort
ctrl-h = backspace
-------------------------------------------------------------------------------
[Decnet]
Is supported by all Digital computers. To access it, type 'Decnet' and try to
hack out the password. Decnet supports such nodes as, VMS, TOPS10 (operating
system for Dec10's), TOPS20, and others. Usually system operator's accounts can
be helpful if you need a Decnet pw. Try their pw and see if it works. Usually
the password to Decnet can be plain old "Decnet". Format= Set Host xxxx
[Acsnet]
This is probably my favorite. This supports Dec10, and many other computers.
When you log on to it, it will look something like this-
ACSNET
Fri Mar 13 19:30:23 1986
Port ID: dialup C502 at 300 baud
dialup C502 with even parity
>
Now to get a menu type '?'. It will give you a list of groupnames. To enter
the Dec10 type 'Acsdec10', usually Decnet is not listed so type Decnet anyway.
Other commands for ACSNET are-
Connect Daytime
Hangup Disconnect
Info Help
Release Resume
Set WhoamI
-------------------------------------------------------------------------------
Hmm. Knew I forgot something. To log off the Dec10, just type-
Bye or Kjob (kill job)
Part II: This will deal with the 1,2 PPN and advanced commands using Enable.
Have fun,
$$$$$$$$$$$$$$$$$$$$$->Carrier Culprit<-$$$$$$$$$$$$$$$$$$$$$
[END]
Revised Edition
(C)opyright April, 1986