mirror of
https://github.com/opsxcq/mirror-textfiles.com.git
synced 2025-08-25 17:01:07 +02:00
142 lines
7.1 KiB
Plaintext
142 lines
7.1 KiB
Plaintext
Hacking Vax's & Unix by the Jolly Roger
|
|
|
|
Unix is a trademark of At&t (and you know what that means)
|
|
|
|
_______________________________________
|
|
In this article, we discuss the unix system that runs on
|
|
the various vax systems. If you are on another unix-type system, some
|
|
commands may differ, but since it is licenced to bell, they can't make many
|
|
changes.
|
|
_______________________________________
|
|
Hacking onto a unix system is very difficult, and in this case, we advise
|
|
having an inside source, if possible. The reason it is difficult to hack a
|
|
vax is this: Many vax, after you get a carrier from them, respond=>
|
|
Login:
|
|
They give you no chance to see what the login name format is. Most commonly
|
|
used are single words, under 8 digits, usually the person's name. There is
|
|
a way around this: Most vax have an acct. called 'suggest' for people to
|
|
use to make a suggestion to the system root terminal. This is usually watched
|
|
by the system operator, but at late he is probably at home sleeping or
|
|
screwing someone's brains out. So we can write a program to send at the
|
|
vax this type of a message:
|
|
A screen freeze (Cntrl-s), screen clear (system dependant), about 255
|
|
garbage characters, and then a command to create a login acct., after which
|
|
you clear the screen again, then unfreeze the terminal. What this does:
|
|
When the terminal is frozen, it keeps a buffer of what is sent. well, the
|
|
buffer is about 127 characters long. so you overflow it with trash, and then
|
|
you send a command line to create an acct. (System dependant). after this
|
|
you clear the buffer and screen again, then unfreeze the terminal. This is
|
|
a bad way to do it, and it is much nicer if you just send a command to
|
|
the terminal to shut the system down, or whatever you are after...
|
|
There is always, *Always* an acct. called root, the most powerful acct.
|
|
to be on, since it has all of the system files on it. If you hack your
|
|
way onto this one, then everything is easy from here on...
|
|
On the unix system, the abort key is the Cntrl-d key. watch how many times
|
|
you hit this, since it is also a way to log off the system!
|
|
A little about unix architechture: The root directory, called root, is
|
|
where the system resides. After this come a few 'sub' root directories,
|
|
usually to group things (stats here, priv stuff here, the user log here...).
|
|
Under this comes the superuser (the operator of the system), and then
|
|
finally the normal users. In the unix 'Shell' everything is treated the same.
|
|
By this we mean: You can access a program the same way you access a user
|
|
directory, and so on. The way the unix system was written, everything,
|
|
users included, are just programs belonging to the root directory. Those
|
|
of you who hacked onto the root, smile, since you can screw everything...
|
|
the main level (exec level) prompt on the unix system is the $, and if you
|
|
are on the root, you have a # (superuser prompt).
|
|
Ok, a few basics for the system... To see where you are, and what paths
|
|
are active in regards to your user account, then type
|
|
=> pwd
|
|
This shows your acct. seperated by a slash with another pathname (acct.),
|
|
possibly many times. To connect through to another path,
|
|
or many paths, you would type:
|
|
You=> path1/path2/path3
|
|
and then you are connected all the way from path1 to path3. You can
|
|
run the programs on all the paths you are connected to. If it does
|
|
not allow you to connect to a path, then you have insufficient privs, or
|
|
the path is closed and archived onto tape. You can run programs this way
|
|
also:
|
|
you=> path1/path2/path3/program-name
|
|
Unix treats everything as a program, and thus there a few commands to
|
|
learn...
|
|
To see what you have access to in the end path, type=>
|
|
ls
|
|
for list. this show the programs you can run. You can connect to
|
|
the root directory and run it's programs with=>
|
|
/root
|
|
By the way, most unix systems have their log file on the root, so you
|
|
can set up a watch on the file, waiting for people to log in and snatch their
|
|
password as it passes thru the file. To connect to a directory, use the
|
|
command:
|
|
=> cd pathname This allows you to do what you want
|
|
with that directory. You may be asked for a password, but this is a good
|
|
ay of finding other user names to hack onto.
|
|
The wildcard character in unix, if you want to search down a path for
|
|
a game or such, is the *.
|
|
=> ls /*
|
|
Should show you what you can access. The file types are the same as they
|
|
are on a dec, so refer to that section when examining file. To see what is
|
|
in a file, use the
|
|
=> pr
|
|
filename command, for print file.
|
|
We advise playing with pathnames to get the hang of the concept. There
|
|
is on-line help available on most systems with a 'help' or a '?'.
|
|
We advise you look thru the help files and pay attention to anything
|
|
they give you on pathnames, or the commands for the system.
|
|
You can, as a user, create or destroy directories on the tree beneath you.
|
|
This means that root can kill everything but root, and you can kill any
|
|
that are below you. These are the
|
|
=> mkdir pathname
|
|
=> rmdir pathname
|
|
commands.
|
|
Once again, you are not alone on the system... type=>
|
|
who
|
|
to see what other users are logged in to the system at the time. If you
|
|
want to talk to them=>
|
|
write username
|
|
Will allow you to chat at the same time, without having to worry
|
|
about the parser. To send mail to a user, say
|
|
=> mail
|
|
And enter the mail sub-system. To send a message to all the users
|
|
on the system, say
|
|
=> wall
|
|
Which stands for 'write all'. By the way, on a few systems,
|
|
all you have to do is hit the <return> key to end the message,
|
|
but on others you must hit the cntrl-d key.
|
|
To send a single message to a user, say
|
|
=> write username
|
|
this is very handy again! If you send the sequence of characters discussed
|
|
at the very beginning of this article, you can have the super-user terminal do
|
|
tricks for you again.
|
|
|
|
Privs:
|
|
If you want superuser privs, you can either log in as root, or edit your
|
|
acct. so it can say
|
|
=> su
|
|
this now gives you the # prompt, and allows you to completely by-pass the
|
|
protection. The wonderful security conscious developers at bell made it
|
|
very difficult to do much without privs, but once you have them, there
|
|
is absolutely nothing stopping you from doing anything you want to.
|
|
To bring down a unix system:
|
|
=> chdir /bin
|
|
=> rm *
|
|
this wipes out the pathname bin, where all the system maintenance files are.
|
|
Or try:
|
|
=> r -r
|
|
This recursively removes everything from the system except the remove
|
|
command itself.
|
|
Or try:
|
|
=> kill -1,1
|
|
=> sync
|
|
This wipes out the system devices from operation.
|
|
When you are finally sick and tired from hacking on the vax systems, just
|
|
hit your cntrl-d and repeat key, and you will eventually be logged out.
|
|
_______________________________________
|
|
The reason this file seems to be very sketchy is the fact that bell has 7
|
|
licenced versions of unix out in the public domain, and these commands are
|
|
those common to all of them. I recommend you hack onto the root or
|
|
bin directory, since they have the highest levels of privs, and there
|
|
is really not much you can do (except develop software) without them.
|
|
_______________________________________
|
|
|