informis
/
textfiles
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
textfiles/hacking/primos1.txt

516 lines
26 KiB
Plaintext
Raw Permalink Blame History

_______________________________________________________________________________
INTRODUCTION TO THE PRIMOS OPERATING SYSTEM
Part I (Identification and Penetration)
Written by Violence
Copyright (C) 1989 The VOID Hackers
_______________________________________________________________________________
INTRODUCTION to This Series
This is the first in a public-release series of articles dealing with Prime
computers (both mini's and supermini's) and their respective operating system,
PRIMOS. PRIMOS is one of the several operating systems that the general hacker
community has avoided due to unfamiliarity. In all actuality, PRIMOS is a very
user-friendly operating system and as such, demands respect. In this series
of articles I will cover everything that is important to the aspiring PRIMOS
hacker. In the syllabus are:
Part Contents
---- ------------------------------------------------------------------------
I Identification, and penetration, PRIMOS command line, command types
II Making Your Stay Last Longer, Basic PRIMOS Commands, Internal Security
III Useful PRIMOS Applications
IV Prime Network Communications (PRIMENET and Associated Utilities)
V Language Interpreters and Compilers, Advanced PRIMOS Commands
---- ------------------------------------------------------------------------
That about covers it. This series is largely based on extensive on-hands use,
and all the information provided herein is guaranteed to be 100% accurate in
regards to Revisions 19.xx through 22.xx of PRIMOS. I do occasionally address
pre-revision 19.xx systems, but only in passing as they are extremely uncommon.
In addition, all sample programs included herein have been fully tested. All
PRIMOS output samples were taken from a Revision 22.0.0 PRIMOS system.
I chose to write this series in a technical manner, but not like a typical AT&T
document (grin). All in all, this series does not equal or even come close to
the actual PRIMOS documentation, but since such documentation is generally un-
available to the hacker community, I have tried my best to create a series that
proves as an acceptible alternative. Due to the high content of information I
have provided herein, you are advised to obtain all of the parts to this series
and dump them to your printer. Spend a day reading and comprehending them. I
suggest that you read the entire series before beginning to hack at Primes.
NOTE IN CLOSING: I have opted to remain purposefully vague in some areas due to
potential abuse. This seems to be the rage these days and I'm
sorry if that upsets you, but I have no wish to compromise any
of Prime Computer, Inc.'s trade secrets.
_______________________________________________________________________________
WHAT'S IN PART I?
There is so much to get started with that I wasn't able to get everything in to
Part I. This makes the subsequent parts of this series vital to the comprehen-
sion of the information presented here. There is tons more to cover, so I will
urge you some more to go ahead and get ALL of the other parts. Inside this in-
stallment I shall cover:
o Conventions Used Throughout This Series
o System Identification
o Front-End Security and Penetration
o The PRIMOS Command Line
o A Discourse on PRIMOS Command Types
o How PRIMOS Interacts With Its Users
In 'Part II' I will completely detail the typical internal security setup and
how to improve your security, as well as the many internal snooping tactics
that I use in my day-to-day Prime wanderings. I will also discuss the vital
PRIMOS commands that should be memorized.
_______________________________________________________________________________
CONVENTIONS USED THROUGHOUT THIS SERIES
As with any multi-part series, a set of standards is needed, otherwise the rea-
der may become confused. In writing this series of articles, I had to make an
important decision regarding the conventions used within command examples and
with the numerous hands-on examples scattered throughout the text.
All command references in this series will follow the conventions put forth in
the PRIMOS reference manuals and online help facilities. Conventions follow:
WORDS-IN-UPPERCASE identify command words or keywords and are to be entered
literally. All command abbreviations will be listed following the actual full
command name.
Words-in-lowercase identify arguments. You substitute the appropriate numer-
ical or text value.
Braces { } indicate a choice of arguments and/or keywords. At least one must
be selected.
Brackets [ ] indicate that the word or argument enclosed is optional.
Hyphens - indicate a command line option and must be entered literally.
Parenthesis ( ) must be entered literally.
Ellipses ... indicate that the preceeding argument may be repeated.
Angle Brackets < > are used literally to separate the elements of a pathname.
options: The word 'options' indicates that one or more keywords and/or argu-
ments can be given and that a list of options for the command follow.
All examples throughout this text will be indented '8' spaces so that they will
be easily identifiable. All text typed by the user in these examples will be
completely displayed in lowercase characters. PRIMOS output will then be easy
to identify.
_______________________________________________________________________________
SYSTEM IDENTIFICATION
PRIMOS is Prime's uniform operating system for their extensive line of mini-
and supermini computers. If you have ever read some of the articles detailing
the PRIMOS operating system floating about, then you may have a basic working
knowledge of PRIMOS and such. I will be referencing some of these articles in
this series occasionally (all references are listed in the "References" section
at the end of the last part of this series).
A few years back, the Prime model 750 was all the rage. No longer is that the
case, however. Now days there are many models of Primes and corporations and
governments (the two main Prime owner classes) purchase the models that best
suit their individual needs. Thusly, you will find Prime 250's (ancient) and
750's (also ancient, but still in use) to Prime 4150's (a mid-range system) and
the huge Prime 9550's (high-end mini's). On the high-end of this you will also
find Prime MCXL's (super-mini's) and Prime workstation clusters. As you can
see, the army of Primes is astoundingly large.
Equally large in number are the revisions of PRIMOS that they run. About all
that you will see these days are Rev. 20.xx and greater but you will, on occ-
asion, find a revision 17.xx, 18.xx, or 19.xx system. About the only places
you will find 17.xx and 18.xx systems are on foreign packet-switched networks
(PSN's) (like on Brazil's Interdata or Renpac networks and Japan's Venus-P/NTII
or DDX-P/KDD networks). A scant few 18.xx and 19.xx systems are still operat-
ing in the United States. As said previously, however, you will most likely
find from Rev's 20.xx through 22.xx systems here (and in most other countries).
To understand how PRIMOS interfaces with users you need to have a good working
grasp of what the standard PRIMOS operating system model looks like. To do
this you need a decent abstract model. Here:
Identifying a Prime mini- or supermini computer is not very difficult. Primes
generally behave in one of two ways when connected to. They either sit there,
echoing nothing to your screen or, in the case of a PRIMENET-equipped system,
display their PRIMENET nodename.
In the former case, try this simple test upon connecting. Type a few random
keystrokes followed by a RETURN and take note of what the host system responds
with. If it responds with a battery of error messages followed with the rather
distinctive 'ER!' prompt, then it is a Prime. Here is an example:
asdf
Invalid command "ASDF". (processcommand)
Login please.
ER!
Any Prime that just sits there waiting for you to login is not running PRIMENET
and generally lacks inter-system communications capability. On the other hand,
those systems that are equipped with PRIMENET jump right out and yell "Hey! I'm
a Prime!", as they display their revision of PRIMOS and their system nodename
upon connect. Here is an example:
PRIMENET 21.0.3 VOID
That's all there is to Prime system identification. Like I said, it's a rather
trivial task.
_______________________________________________________________________________
FRONT-END SECURITY AND SYSTEM PENETRATION
Now that we have located a Prime, how do we bypass the front-end security and
get in? Well, before I can begin to answer that question a little discourse on
the security itself is required.
The government has granted Primes a C2 security rating. To give you an idea of
what that means, VAXen are also classed as C2 systems. Hoewever, that C2 rat-
ing sort of 'fluctuates' about. External security should really be a bit high-
er, as Prime Computer, Inc. tells their administrators to remove all defaults.
Not very nice, eh? On the other hand, internal security is not so hot. I'll
discuss internal security more fully in the next Part of this series.
The front door is similar to PRIMOS command level in that it utilizes the comm-
and line (the prompting and I/O sub-systems). The only command which you can
enter at this level of operation is the LOGIN command. There is no 'who' comm-
and available to you prior to system login. As Evil Jay pointed out in
his "Hacking PRIMOS" files (volumes I-III), there is no easy way to get
into a
Prime computer, as its front-door security is excellent.
At this point only one option lies available, unless, of course, you know some-
one on the inside (grin). This option is default accounts. How nice of Prime
Computer, Inc. to install so many default accounts at their factories. As I
have said, however, they tell their administrators to remove these default acc-
ounts after the system has been installed. Not a few administrators fail to
remove these defaults, however, and that is good for us. Also, never forget
that Prime users are people and people like to use easy-to-remember passwords.
But before I go any further, let me explain the LOGIN command in greater detail
(patience is a virtue, you know).
Typically you will type 'LOGIN' and press RETURN. You will then be requested
first for User ID and then your password. Here's yet another example:
login
User id? user
Password? <not echoed>
Invalid user id or password; please try again.
Login please.
ER!
Well, that sure didn't work. Notice how PRIMOS didn't echo your password to
you. The above example is from a non-PRIMENET Prime. After this bad entry you
are probably still connected, so you can have another go at it. A non-PRIMENET
system generally has a high bad-login threshold, so you can make many attempts
per connect. A PRIMENET system on the other hand is more of a bitch to hack as
it will disconnect you after the first incorrect login. Here's another example
(assuming you are hacking a PRIMENET system from the TELENET X.25 network):
@214XXX
214 XXX CONNECTED
PRIMENET 20.0.0 VOID
login user
Password? <not echoed>
Invalid user id or password; please try again.
214 XXX DISCONNECTED 00 00 00:00:00:08 9 7
As you can see, one chance is all you get with a PRIMENET system. A minor note
is in order here regarding all the myriad of X's in the above example. I have
masked the last three digits of the system's NUA (Network User Address), for I
do not wish all you eager PRIMOS hackers to start banging on my system's front
door (grin). I have also edited the system's nodename from its actual nodename
to a more appropriate one (grin). I will continue to mask all system identifi-
cation from my examples.
So far you are accustomed to typing in 'LOGIN' and pressing RETURN to start
logging in. On all Primes you can nest the 'LOGIN' command and your User ID in
the same line, as is illustrated in the following example:
login user
Password? <not echoed>
And on a very few other Primes you can do a full LOGIN nest, as such:
login user password
You might not wish to use full-nesting capability when other hackers are lurk-
ing about, as they might decide to practice shoulder surfing (grin).
If a User ID/password combination (hereafter referred to as an 'account') is
valid, you will recieve the following login herald from PRIMOS:
USER (user 87) logged in Sunday, 22 Jan 89 16:15:40.
Welcome to PRIMOS version 21.0.3
Copyright (c) 1988, Prime Computer, Inc.
Serial #serial_number (company_name)
Last login Wednesday, 18 Jan 89 23:37:48.
'serial_number' and 'company_name' will be replaced by the actual serial number
and company name of the company that owns the Prime computer site.
Just one more small thing I need to cover about the 'LOGIN' command right now,
and that is login troubles. Troubles? You bet'cha. The first trouble occurs
when the account you login to exists and is valid, but it doesn't have an init-
ial ATTACH point (in other words, you don't seem to have a 'home' directory).
This is no fun, since this account cannot be logged into. Bah. The other tro-
uble is remote user passwords. This is definitely no fun. The prompt for such
are generally different from one another, as they run both commercial and cust-
om written software to handle this. When you come upon a remote password, try
the User ID and, if that doesn't work, then try the system's nodename. If both
of these attempts fail, you can either keep trying passwords (brute-force hack-
ing) or you can give it up and move onto the next account or system. A popular
commercial front-end security package is "LOGINSENTRY" from Bramalea Software
Systems, Inc. "LOGINSENTRY" is an excellent package, so good luck when you go
up against it. It supports remote passwords, password aging, old-password
databasing, etc.
That's about all you need to know about the 'LOGIN' command right away. In the
section on Prime Networking I will discuss the remote login feature (similar to
the UNIX 'rlogin' command). For now, this will suffice.
Here is a listing of default PRIMOS accounts along with some other accounts I
find that work occasionally (i.e, more than just once):
NOTE: The '+' and '*' symbols are not parts of the User ID.
User ID Password Comments
_______________________________________________________________________________
+ ADMIN ADMIN, ADMINISTRATOR Administrator account
+ CMDNC0 CMDNC0 External command UFD maintenance
* DEMO DEMO, GUEST Demo account
+ DIAG DIAG Diagnostic account
+ FAM FMA File Access Manager
+ GAMES GAMES Games account (only on schools)
* GUEST GUEST, VISITOR Demo account
+ HELP HELP Help subsystem account
+ INFO INFO Information account
+ JCL JCL Job Control Language account
+ LIB LIB, LIBRARY Library maintenance account
+ NETMAN NETMAN Network controller account
+ NETPRIV NETPRIV Network priv account
+ NEWS NEWS News account
+ NONETPRIV NONETPRIV Network nopriv account
* PRIME PRIME Prime account
+ PR1ME PR1ME Prime account
+ PRIMOS PRIMOS Prime account
+ PRIMOS_CL PRIMOS_CL Prime account
+ REGIST REGIST User registration account
+ RJE RJE Remote Job Entry account
+ STUDENT STUDENT, SCHOOL Student account (only on schools)
* SYSADM SYSADM, ADMIN Administrator account
* SYSTEM SYSTEM Administrator account
+ TELENET TELENET GTE TELENET account
* TEST TEST Test account
+ TOOLS TOOLS Tool maintenance account
_______________________________________________________________________________
Several of these combinations will not work, as they are initial system setup
accounts and the administrator, after setup, changes them or completely removes
them (Prime Computer, Inc. advises this). I have denoted these accounts with a
'+' symbol.
The accounts marked by a '*' are the ones that I find work most commonly. More
often than not they have good privileges (with exception to GUEST).
Notice SYSADM. Say, isn't that a UNIX default? Sure it is but I have found it
to work so many times that I just had to assume it was a default of some sort.
As for TELENET I have yet to see it work, but Carrier Culprit states in the LOD
Hacker's Technical Journal file on PRIMOS (LOD T/J Issue 2) that it works some-
times.
Lastly, unlike UNIX, the PRIMOS LOGIN subsystem is not case-dependant. This is
good, as case dependancy gets boring at times. User ID "system" is the same as
"SYSTEM". PRIMOS maps all command line input to upper case prior to processing
it. This is true for logins and commands. Although your typing appears in
lower case, PRIMOS interprets it in upper case. No big deal. Just thought I'd
mention it.
All of this information is for 19.xx through 22.xx systems. I do believe that
I will make an appendix for logging into revision 17.xx and 18.xx systems beca-
use you never know when you might find one. And besides, once you have experi-
enced a revision 17.xx or 18.xx system you will love revisions 21.xx and 22.xx
that much more!
_______________________________________________________________________________
THE PRIMOS COMMAND LINE
Before I go on any further some discussion on the PRIMOS command line is in or-
der. The command line is the agent that accepts your input and then transports
the input to the command processor (known affectionately as '(processcommand)')
for parsing.
The PRIMOS command line is interesting in the fact that it utilizes two prompts
in it's execution. These prompts are 'OK,' and 'ER!'. There is no difference
in the two, save that the 'ER!' prompt is displayed only after you make a mist-
ake and are given an error message. After successful execution of a command,
however, you will see the 'OK,' prompt again. You can alter these prompts with
a special command, but I will save that for the section I have planned on cust-
omizing your environment.
Of all the most popular command lines (PRIMOS, UNIX, VAX/VMS) I like the PRIMOS
command line the most. You can have separate commands on the same command line
(just separate them with a semicolon), and so forth.
No command (along with all options and arguments) can be longer than 160 char-
acters. If you should enter a command line longer than 160 characters then it
will be rejected by the command processor and you will get the following error
message:
Command line longer than 160 characters. (listen_)
The PRIMOS command line has several special features, and some of these are:
o User-defined abbreviations
o Command line syntax suppression
o Multiple commands on one line
o User-defined global variables
o PRIMOS command functions
o Command iteration
o Wildcard names
o Treewalk pathnames
o Name generation patterns
There will be full discourses on user-defined abbreviations and command func-
tions later in this series.
The PRIMOS command processor identifies these features by searching for special
characters entered in the command line. These special features, in the order
that they are searched for, are given in the following table (this table repro-
duced from the Revision 19.xx Command Reference Manual, still pretty current in
this regard).
Be aware that user-defined functions are always processed first and use no spe-
cial characters of any sort.
FEATURE SPECIAL CHARACTER COMMENTS
-------------------------------------------------------------------------------
Abbreviations No special characters
Syntax suppressor In first position on line only
Command separator ;
Global variables % %
Functions [ ]
Iteration ( )
Treewalking @,@@,+,^ In any intermediate position of
pathname
Wildcarding @,@@,+,^ In final position of pathname
Name generation =,==,^=,^==,+
-------------------------------------------------------------------------------
When these special characters are found, the PRIMOS command processor substi-
tutes the value of the item for the item itself. This is 'one-to-one' substi-
tution.
Iteration lists cause the command processor to create one command for each item
found or matched on the iteration lists. In the case of wildcard or treewalk
names, the user sets the pattern and the command processor searches the spec-
ific directory or directories for all file system objects that "match" that
pattern. These features can be thought of as creating "many-to-one" matches.
Name generation patterns can be used to create matching names either for simple
filenames or for whatever number of filenames resulting from a wildcard or
treewalk name.
NOTE: All commands support all the features listed above. The general rule is
as follows: if a feature is not useful in connection with a particular
command, then that command will not recognize it.
_______________________________________________________________________________
A DISCOURSE ON PRIMOS COMMAND TYPES
There are two kinds of PRIMOS commands, internal and external. Internal comm-
ands are built right inside of PRIMOS (i.e, in the compiled programs that make
up PRIMOS). External commands are programs located in the CMDNC0 directory.
When an external command's filename is typed (the name of the command, less the
file extension) then the program is invoked. Of course, you may add the file's
extension if you wish, as it will work, but that is defeating the purpose.
The reason for internal and external commands is twofold. The PRIMOS files
(usually located in the DOS directory) take up a lot of memory. Not all Prime
systems have whopping loads of memory, so Prime made sure that PRIMOS was able
to be executed flawlessly (memory constraint-wise) on all system models. Only
the MOST important commands were built inside of PRIMOS. Less vital (yet still
vastly important) commands were made to be external commands. Secondly, diff-
erent sites have different needs. Prime recognized this need and their command
structure allows for the easy customizing of PRIMOS commands (adding, changing,
removing, creating). It's an ideal setup, really.
_______________________________________________________________________________
HOW PRIMOS INTERACTS WITH ITS USERS
To understand how PRIMOS interfaces with users you need to have a good working
grasp of what the standard PRIMOS operating system model looks like. To do
this you need a decent abstract model. Here:
__ ________________________ __
| | | | | |
| | | CMDNC0 Externals | | |
| | | __________ | | |
Requests | |->| | | |<-| | Requests
| | | | Kernel | | | |
Replies | |<-| |__________| |->| | Replies
| | | | | |
| | | Command Line | | |
|__| |________________________| |__|
User Phantom
Processes Processes
As you can see, PRIMOS is made up of the kernel (the heart of the operating
system; the command processor and all of the internal commands) as well as
the CMDNC0 externals (prograns; external commands) and the PRIMOS command line
(what the user uses to interact with PRIMOS).
_______________________________________________________________________________
Well, I have come to the end of the first installment of five of the Introduct-
ion to the PRIMOS Operating System. In the next part I will detail:
o Making Your Stay Last Longer
o Basic PRIMOS Commands to Memorize
o A Full Discourse on User-to-User Communication
o Internal PRIMOS Security
o Exploring the Vast Reaches of a Prime
Until then may the forces of darkness become confused on the way to your house.
_______________________________________________________________________________
End of Part I of the "Introduction to the PRIMOS Operating System".
_______________________________________________________________________________
Reference in New Issue View Git Blame Copy Permalink