|
RSTS Hacking
NOTICE: TO ALL CONCERNED Certain text files and messages contained on this site deal with activities and devices which would be in violation of various Federal, State, and local laws if actually carried out or constructed. The webmasters of this site do not advocate the breaking of any law. Our text files and message bases are for informational purposes only. We recommend that you contact your local law enforcement officials before undertaking any project based upon any information obtained from this or any other web site. We do not guarantee that any of the information contained on this system is correct, workable, or factual. We are not responsible for, nor do we assume any liability for, damages resulting from the use of any information on this site.
--- BASIC RSTS SYSTEM DESTRUCTION ---
By Sam Sneed
Uploaded by Elric of Imrryr
[ Dr's note: there are RSTS/E systems listed in the Mainframe
directory in the other TP file, MAINFRAME NUMBERS. ]
[ Elric's note: Sam Sneed was a member of the infamious 414's, who got busted]
So, you've decided that you'd like to try to down an
RSTS system? Well, here's a beginner's guide:
The RSTS system has two parts, the Priviledged accounts,
and the User accounts. The Priviledged accounts start with
a 1 (In the format [1,1], [1,10], etc. To show the Priv.
accounts we'll just use the wildcard [1,*].)
The priviledged accounts are what every RSTS user would
love to have, because if you have a priviledged account
you have COMPLETE control of the whole system. How can
I get a [1,*] account? you may ask....Well, it takes A LOT
of hard work. Guessing is the general rule. for instance,
when you first log in there will be a # sign:
# (You type a [1,*] account, like) 1,2
It will then say Password: (You then type anything up
to 6 letters/numbers Upper Case only) ABCDEF
If it says ?Invalid Password, try again ' then you've
not done it YET...Keep trying.
Ok, we'll assume you've succeeded. You are now in
the priviledged account of an RSTS system. The first
thing you should do is kick everyone else off
the system (Well, maybe just the other Priviledged
users)....You do this with the Utility Program.
UT KILL (here you type the Job # of the user you'd
like to get ut of your way). If the system won't let
you, you'll have to look for the UTILTY
program. Search for it by typing DIR [1,*]UTILTY.*
Now, you've found it and kicked off all the important
people (If you want you can leave the other people
on, but it's important to remove all other [1,*] users,
even the Detached ones). To find out who's who on the
system type SYS/P- (That will print out all
the privileged users). Or type SYS to see Everyone.
Next on your agenda is to get all the passwords
(Of course). Do this by run$MONEY (If it isn't there,
search for it with DIR[1,*]MONEY.* and run it using
the account where you found it instead of the $)
There will be a few questions, like Reset? and
Disk? Here's the Important answers.
Disk? SY (You want the system password)
Reset? No (You want to leave everything as it is)
Passwords? YES (You want the passwords Printed)
There are others, but they aren't important, just hit a C/R.
There is ONE more, it will say something like
Output status to? KB: (This is important, you
want to see it, not send it elsewhere).
Ok, now you've got all the passwords in your hands.
Your next step is to make sure the next time you
come you can get in again. This is the hard part.
First, in order to make sure that no one will
disturb you, you use the UTILTY program to make it
so no one can login. Type UT SET NO LOGINS. (also
you can type UT HELP if you need help on the program)
Next you have to Change the LOGIN program....I'm
sorry, but this part is fuzzy, Personnally, I've
never gotten this far. Theorectically here's what
you do: Find out where the program is, type
DIR [1,*]LOGIN.* If there is LOGIN.BAS anyplace,
get into that account (Using your password list,
and typing HELLO and the account you'd like to
enter). On the DIR of the program there is a date
(Like 01-Jan-80). To make it look good you type
UT DATE (and the date of the program).
Next, you make it easy for yourself to access the
program. You type PIP (And the account and name of
the program you atre changeing) <60>=(again the
name of the program).
Now what you do is OLD the program. Type
OLD (Name of the program)
Now that is all theoretical. If anyone runs
into problems, tell me about it and I'll
see if I can either figure it out or get someone
else to.
Next thing you want to do is LIST the program and
find out where The input of the Account # is.
To get this far you have to know a lot about programming and
what to look for...
Here is generally the idea, an idea is all it is,
because I have not been able to field test it yet:
Add a conditional so that if you type in a code
word and an account # it will respond with the password.
This will take a while to look for, and
a few minutes to change, but you can do it,
you've got that RSTS system in your back pocket.
Let's say you've (Somehow) been able
to change the program. The next thing you want
to do is replace it, so put it back where
you got it (SAVE Prog-name), and the put it
back to the Prot Level (The # in the <###>
signs) by typing PIP (Prog name)<232>=Progname
(Note, in all of this, don't use the ()'s
they are just used by me to show you what goes
where).
Now you've gotten this far, what do you do?
I say, experiment! Look at all the programs, since
you have Privilged status you can analyze every
program. Look around forthe LOG program, and
find out what you can do to that.
The last thing to do before you
leave is to set the date back to what it was using
the UTILTY program again UT DATE (and the current date).
Sam Snee
|
|
