mirror of
https://github.com/opsxcq/mirror-textfiles.com.git
synced 2025-08-21 02:31:43 +02:00
97 lines
3.0 KiB
Plaintext
97 lines
3.0 KiB
Plaintext
=====================
|
||
|
||
by
|
||
|
||
-=> Doctor Crunch <=-
|
||
|
||
|
||
Ok, you probably have read t-files
|
||
about how to break in a bbs. so, I will
|
||
tell you what to do when you get into
|
||
the bbs. Most sysops, if they have an
|
||
IQ, will disable the INIT command. they
|
||
usually do this by changing the INIT
|
||
command to some other word you will
|
||
never guess. Well, there is an easier
|
||
way to crash the bbs than by searching
|
||
for what the sysop changed it to. Get
|
||
in the moniter (CALL-151), and type:
|
||
|
||
Press [RETURN] A54FG
|
||
|
||
This is the INIT command's entry point
|
||
which DOS calls to initialize a disk.
|
||
There are some bugs with this way of
|
||
crashing a disk though:
|
||
|
||
1) It takes about 40 seconds to INIT
|
||
a disk, and if a sysop is there,
|
||
he can stop you at any time.
|
||
|
||
2) Many boards use a fast dos; and,
|
||
most fast-DOSes had to take out
|
||
the INIT command to make the mods
|
||
to DOS. So, even if you do a
|
||
A54FG, you won't be able to kill
|
||
the disk.
|
||
|
||
I prefer to kill the VTOC, instead
|
||
of INITing the disk. Here are a couple
|
||
Press [RETURN] of reasons why:
|
||
|
||
1) Very quick!!!!!
|
||
|
||
2) Very nasty!!!!!
|
||
|
||
The trick is to rewrite the VTOC
|
||
(Volume Table Of Contents) to say that
|
||
the CATALOG track is 255. Now all of us
|
||
know there is no track 255 on a disk,
|
||
this can only mean.....(you guessed it)
|
||
that the system will bomb when doing
|
||
anything that involves looking at the
|
||
CATALOG track. Since almost everything
|
||
you can do in DOS involves reading the
|
||
CATALOG track, this will crash the bbs
|
||
quite well. And here is a nice little
|
||
catch, you can reboot his disk (which
|
||
will give him an I/O ERROR because
|
||
when the hello file is run, DOS must
|
||
Press [RETURN] look at the CATALOG track) and logoff
|
||
at the same time. You should always
|
||
logoff quickly so that the sysop can't
|
||
lift up the phone, which sometimes will
|
||
prevent you from hanging up. The way I
|
||
logoff is the make the bbs I just
|
||
crashed do a reset, causing me to be
|
||
disconnected from the other end of the
|
||
line. Since most terminal programs
|
||
hang up if you loose the carrier (which
|
||
will happen when his system resets),
|
||
you will hang up the second you crash
|
||
his system!!!!
|
||
|
||
Well, here it is:
|
||
|
||
(Be sure you're in the moniter)
|
||
|
||
*B3BC:FF NAFFBG 3F4:00 NFA62G
|
||
|
||
Press [RETURN] If you don't want to logoff,
|
||
|
||
*B3BC:FF NAFFBG
|
||
|
||
NOTE: Sometimes you may hear a beep,
|
||
then all of your moniter commands
|
||
will fail. This is because of a
|
||
bug in DOS. When RWTS lets go of
|
||
control, the moniter varible $48
|
||
is destroyed. To work properly,
|
||
$48 must be restored to 0 before
|
||
the moniter takes control again.
|
||
I made a short routine that when
|
||
called, writes the VTOC buffer to
|
||
the disk, and sets $48 to 0. The
|
||
routine is:
|
||
|
||
300- 20 FB AF JSR $AFFB |