ShadowSpawn BBS Presents...
 
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
\\\                               \\\
\\\   HACKING THE RSTS/E SYSTEM   \\\
\\\                               \\\
\\\       >>> VOLUME I <<<        \\\
\\\                               \\\
\\\    BY THE WHITE GUARDIAN      \\\
\\\                               \\\
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
 
PREFACE
-------
SO, ALL OF YOU PEOPLE WHO HAVE GROWN
USED TO USEING THE DEC PDP-11 
COMPUTER IN YOUR SCHOOL OR OFFICE,
HERE IS AN INDEPTH LOOK AT THE SYSTEM
AND WHAT CAN BE DONE WITH IT.
 
THE AUTHOR OF THIS ARTICLE TAKES NO
RESPONSABILATY FOR ANY OF THE ACTS
THAT MAY FOLLOW TE READING OF THESE 
ARTICLES.  THEY ARE STRICTLY WRITTEN
IN A INFORMITVE MODE TO TEACH THE
DEC USER MORE ABUT THE SYSTEM HE IS
ON.
 
 
             ACCOUNTS
           ------------
TO START THIS ARTICLE BASICLY, WE 
WILL BEGIN BY DISCUSSING ACCOUNT. 
THERE ARE TWO BASIC TYPES OF ACCOUNTS
THAT ARE ACTIVE ON THE SYSTEM. THERE
IS THE USER ACCOUNTS AND THE SYSTEM
MANAGER ACCOUNTS.
 
[1,*] 
-----
THESE ARE THE SPECIAL ACCOUNTS THAT
HAVE ALL OF THE OFFICIAL POWER ON
THE SYSTEM.  THEY ARE ABLE TO GET
ONTO ANY ACCOUNT, GET AT ANY FILES,
AND DO ANYTHING THEY WANT TO. THESE
ACCOUNTS ARE LIMITED TO THE SYSTEM 
OPERATERS.  MORE ON THESE POWERS WILL
BE DISCUSSED LATER.
 
[0,1]
-----
THIS IS THE ACCOUNT THAT IS WERE
MANY MAJOR SYSTEM FILES ARE STORED.
YOU CAN FIND THE ERRORS STORED HERE
AND THE DCL PROGRAM.  THERE ARE ALSO
A FEW OTHER FILES THAT HOLD LITTLE 
VALUE TO THE SERIOUS SYSTEM HACKER.
 
ALL OTHERS
----------
THESE ARE JUST BORING ACCOUNTS ON 
THE SYSTEM THAT CONTAIN NO POWER
AND CANNOT BE GIVEN POWER UNLESS 
BY WAY OF SOFTWARE THAT YOU CAN 
WRITE.  I WILL ALSO DISCUSS THAT
LATER.
 
PROGRAM EXAMINATION #1 - $LOGIN.BAC
 
LOGIN.BAC WAS A PROGRAM WRITTEN BY 
DIGITAL EQUIPTMENT CORPORATION.
IT IS USED TO LOG A USER ON TO THE 
SYSTEM AND WATCH FOR SECURITY 
VIOLATIONS.  
 
WHEN YOU FIRST GET ONTO THE SYSTEM 
YOU WILL SEE SOMETHING LIKE THIS:
 
RSTS/E VERSION 8.1  [SCHOOL NAME] LOCAL
  JOB X [DATE] [TIME]
 
ENTER USER #:
 
AT THIS PROMPT THE LOGIN PROGRAM IS
EXPECTING TWO NUMBERS DIVIDED BY A 
COMMA.  IT MAY BE INTERESTING TO NOTE
THAT THESE NUMBERS ARE NOT REALLY 
TWO NUMBERS BUT A STRING. ANYWAY, THE
NUMBERS RANGE FROM 0 TO 255 ON BOTH
SIDES OF THE COMMA. THE COMMA CAN 
ALSO BE REPLACED BY A SLASH.
 
NEXT, AFTER YOU HAVE ENTERED YOUR 
ACCOUNT NUMBER, YOU WILL COME APON
A PROMPT SAYING:
 
PASSWORD :
 
A PASSWORD CAN BE BETWEEN 1 TO 6
CHARACTORS AND THESE CHARACTORS MAY
BE ONLY LETTERS OR NUMBERS.  THAT
MEANS THAT THERE IS A TOTAL OF 36
DIFFERENT CHARACTORS THAT COULD BE
IN EACH POSSITION OF THE PASSWORD.
PASSWORDS DO NOT HAVE TO BEGIN WITH
A CHARACTOR.  BY THE WAY, ANY ACCOUNT
THAT HAS A PASSWORD OF ?????? IN 
UNACCESSABLE TO ANYONE ON THE SYSTEM
BUT A SYSTEM OPERATOR.
 
FOR THOSE OF YOU DARING PEOPLE WHO
WOULD LIKE TO GET  INTO A 1 ACCOUNT,
YOU WILL RECIEVE A FURTHER PROMPT.
YOU WILL SEE:
 
AUXILARARY PASSWORD : 
 
THIS IS A FUNNY PASSWORD.  THEIR IS 
ONLY ONE AUX PASWRD FOR ALL OF THE 
ONE ACCOUNTS.  IT IS WRITTEN INTO
THE MAIN PROGRAM AND ASSUMES THE 
VARIABLE NAME L.PASS.  IF YOU ARE 
TO GET AHOLD OF A LISTING OF THE 
LOGIN PROGRAM YOU WILL FIND IT SOME
WHERE NEAR THE END OF THE PROGRAM.
 
THE REASON FOR THIS PASWRD IS NOT 
ONLY BECAUSE OF THE ADDED SECURITY
IN HACKERS, BUT BECAUSE WHEN A SYSOP
RUNS A PROGRAM CALLED MONEY(TO BE
DISCUSSED LATER) HE CAN PRINT OUT
A LIST OF TH PASSWORDS.  THIS SHEET 
WILL HAVE THE ACCOUNTS,AND ALL OF THE
OTHER INFORMATION ABOUT THESE 
ACCOUNTS INCLUDING THE PASWRDS.
THE AUX PASWRD IS NEVER ON THESE 
LISTINGS.
 
POINTS ABOUT LOGIN
------------------
IT IS POSSABLE TO PUT SECURITY INTO
THIS PROGRAM WITH ONLY SMALL AMOUNTS
OF MODIFCATIONS.  THE LOGIN PROGRAM
HAS A PART OF IT THAT WILL SEND A 
PACKAGE OF DATA TO ANOTHER PROGRAM
FOR PROCESSING.  IT SENDS STUFF LIKE
TIME, ACCOUNT LAST ON,ACCOUNT THE 
PERSON WAS TRYING TO LOG ONTO, PASWRD
USED AND A WHOLE BUNCH OF OTHER 
STUFF.  NEVER LOG ONTO TO ANOTHER
ACCOUNT DIRECTLY FROM YOUR OWN. I 
KNOW A GUY WHO WAS BUSTED BECAUSE HE
LOGGED DIRECTLY FROM HIS ACCOUNT TO
A TEACHERS ACCOUNT, AND THEN BACK TO
HIS ACCOUNT AGAIN.  THE SYS-OP CAME
UP TO HIM AND SHOWED HIM HOW THERE
WAS A COMPLETE RECORD OF ALL ACTIVITY
ON THE SYSTEM.  MOST PEOPLE DO NOT
HAVE TOWORRY ABOUT THIS SITUATION...
IT IS ONLY THE ONES WITH PARANIOD 
SYS-MANG THAT HAVE TO WATCH OUT.
A PROGRAM YOU SHOULD ALL WATCH OUT
FOR IS LOGLOG. IT IS FOUND IN THE 
MESSAGE RECIEVERS OF THE SYSTAT 
LISTING. MORE ON SYSTAT AND WHAT XOU
CAN DO WITH IT LATER.
 ANYWAY, ALWAYS MAKE A POINT OF 
CHECKING THE SYSTAT BEFORE YOU LOG
ON EACH TIME. IF ANY OPRS ARE PRESENT
AND THEY ARE ACTIVE, DON'T LOG ON.
 
OTHER LOGIN COMMANDS
--------------------
HERE ARE A FEW OTHER THING THAT CAN
BE DONE WITHOUT LOGGING ONTO A SYSTEM
 
SYSTAT - ON MOST SYSTEMS, IT IS 
       POSSABLE TO TYPE THIS AND
       GET A LISTING OF WHO IS ON
       THE SYSTEM. IT WILL GIVE
       YOU HINTS ABOUT ACCOUNTS THAT
       ARE ACTIVE AND OTHER NOTABLE
       DATA ABOUT THE SYSTEM
 
I
 
TYPE DIR/S OR PIP/DI:S 
 
LOOK AT YOUR RUN TIME SYSTEM....
 
\\\\\\\\\\\\\\\\\\\\\\\\\\\8\\\\\\\\
\\\                              \\\
\\\ UNTIL NEXT TIME...           \\\
\\\                              \\\
\\\ IT WAS THE BEST OF TIMES,    \\\
\\\ IT WAS THE WORST OF TIMES... \\\
\\\                              \\\
\\\          THE WHITE GUARDIAN  \\\
\\\              H.  O.  T.  K.  \\\
\\\                              \\\
\\\  TO CONTACT: CATS DEN I,II,IV\\\
\\\            4TH REICH,POISON  \\\
\\\            DAGGER, AND MANY  \\\
\\\            OTHERS..........  \\\
\\\                              \\\
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

DOWNLOADED FROM P-80 SYSTEMS.....