100 lines
7.1 KiB
Plaintext
100 lines
7.1 KiB
Plaintext
** The basics of hacking ii: vax's **
|
|
|
|
Welcome to the basics of hacking ii: vax'sand unix.
|
|
In this article, we discuss the unix system that runs on the various
|
|
vax systems. If you are on another unix-type system, some commands may differ,
|
|
but since it is licenced to bell, they can't make many changes. Hacking onto
|
|
a unix system is very difficult, and in this case, we advise having an inside
|
|
source, if possible. The reason it is difficult to hack a vax is this: many
|
|
vax, after you get a carrier from them, respond=> login: they give you no
|
|
chance to see what the login name format is. Most commonly used are single
|
|
words, under 8 digits, usually the person's name. There is a way around this:
|
|
most vax have an acct. Called 'suggest' for people to use to make a suggestion
|
|
to the system root terminal. This is usually watched by the system operator,
|
|
but at late he is probably at home sleeping or screwing someone's brains out.
|
|
So we can write a program to send at the vax this type of a message: a screen
|
|
freeze (cntrl-s), screen clear (system dependant), about 255 garbage
|
|
characters, and then a command to create a login acct., After which you clear
|
|
the screen again, then un- freeze the terminal. What this does: when the
|
|
terminal is frozen, it keeps a buffer of what is sent. Well, the buffer is
|
|
about 127 characters long. So you overflow it with trash, and then you send a
|
|
command line to create an acct. (System dependant). After this you clear the
|
|
buffer and screen again, then unfreeze the terminal. This is a bad way to do
|
|
it, and it is much nicer if you just send a command to the terminal to shut the
|
|
system down, or whatever you are after... There is always, *always* an acct.
|
|
Called root, the most powerful acct. To be on, since it has all of the system
|
|
files on it. If you hack your way onto this one, then everything is easy from
|
|
here on... On the unix system, the abort key is the cntrl-d key. Watch how
|
|
many times you hit this, since it is also a way to log off the system! A little
|
|
about unix architechture: the root directory, called root, is where the system
|
|
resides. After this come a few 'sub' root directories, usually to group things
|
|
(stats here, priv stuff here, the user log here...). Under this comes the
|
|
superuser (the operator of the system), and then finally the normal users. In
|
|
the unix 'shell' everything is treated the same. By this we mean: you can
|
|
access a program the same way you access a user directory, and so on. The way
|
|
the unix system was written, everything, users included, are just programs
|
|
belonging to the root directory. Those of you who hacked onto the root, smile,
|
|
since you can screw everything... The main level (exec level) prompt on the
|
|
unix system is the $, and if you are on the root, you have a # (super- user
|
|
prompt). Ok, a few basics for the system... To see where you are, and what
|
|
paths are active in reguards to your user account, then type => pwd this shows
|
|
your acct. Seperated by a slash with another pathname (acct.), Possibly many
|
|
times. To connect through to another path, or many paths, you would type: you=>
|
|
path1/path2/path3 and then you are connected all the way from path1 to path3.
|
|
You can run the programs on all the paths you are connected to. If it does not
|
|
allow you to connect to a path, then you have insufficient privs, or the path
|
|
is closed and archived onto tape. You can run programs this way also: you=>
|
|
path1/path2/path3/program-name unix treats everything as a program, and thus
|
|
there a few commands to learn... To see what you have access to in the end
|
|
path, type=> ls for list. This show the programs you can run. You can
|
|
connect to the root directory and run it's programs with=> /root by the way,
|
|
most unix systems have their log file on the root, so you can set up a watch on
|
|
the file, waiting for people to log in and snatch their password as it passes
|
|
thru the file. To connect to a directory, use the command: => cd pathname this
|
|
allows you to do what you want with that directory. You may be asked for a
|
|
password, but this is a good way of finding other user names to hack onto.
|
|
The wildcard character in unix, if you want to search down a path for a game or
|
|
such, is the *. => Ls /* should show you what you can access. The file types
|
|
are the same as they are on a dec, so refer to that section when examining
|
|
file. To see what is in a file, use the => pr filename command, for print
|
|
file. We advise playing with pathnames to get the hang of the concept. There
|
|
is on-line help available on most systems with a 'help' or a '?'. We advise you
|
|
look thru the help files and pay attention to anything they give you on
|
|
pathnames, or the commands for the system. You can, as a user, create or
|
|
destroy directories on the tree beneath you. This means that root can kill
|
|
every- thing but root, and you can kill any that are below you. These are the
|
|
=> mkdir pathname => rmdir pathname commands. Once again, you are not alone
|
|
on the system... Type=> who to see what other users are logged in to the
|
|
system at the time. If you want to talk to them=> write username will allow
|
|
you to chat at the same time, without having to worry about the parser. To
|
|
send mail to a user, say => mail and enter the mail sub-system. To send a
|
|
message to all the users on the system, say => wall which stands for 'write
|
|
all' by the way, on a few systems, all you have to do is hit the <return> key
|
|
to end the message, but on others you must hit the cntrl-d key. To send a
|
|
single message to a user, say => write username this is very handy again! If
|
|
you send the sequence of characters discussed at the very beginning of this
|
|
article, you can have the super-user terminal do tricks for you again. Privs:
|
|
if you want super-user privs, you can either log in as root, or edit your acct.
|
|
So it can say => su this now gives you the # prompt, and allows you to
|
|
completely by-pass the protection. The wonderful security conscious developers
|
|
at bell made it very difficult to do much without privs, but once you have
|
|
them, there is absolutely nothing stopping you from doing anything you want to.
|
|
To bring down a unix system: => chdir /bin => rm * this wipes out the pathname
|
|
bin, where all the system maintenance files are. Or try: => r -r this
|
|
recursively removes everything from the system except the remove command
|
|
itself. Or try: => kill -1,1 => sync this wipes out the system devices from
|
|
operation. When you are finally sick and tired from hacking on the vax
|
|
systems, just hit your cntrl-d and repeat key, and you will eventually be
|
|
logged out. The reason this file seems to be very sketchy is the fact that bell
|
|
has 7 licenced versions of unix out in the public domain, and these commands
|
|
are those common to all of them. We recommend you hack onto the root or bin
|
|
directory, since they have the highest levels of privs, and there is really not
|
|
much you can do (except develope software) without them. Next to come: the
|
|
basics of hacking iii: data general
|
|
|
|
This article written by: the Knights of Shadow [end] 1984
|
|
|
|
much you can do (except develope software) without them. Next to come: the
|
|
|
|
basics of hacking iii: data general
|