UnderGround Information
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%% %%
%% What's Hacking? %%
%% A series by David Lightman %%
%% %%
%%%%%%%%%%%%%%%%%%%%%%-SPECIAL ISSUE-%%%%%%%%%%%%%%%%%%%%%%%
%% %%
%% VAX COMPUTER SYSTEMS %%
%% %%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
This is a requested discussion from Jolly Bardsman's Pub &
Tavern at (XXX) XXX-XXXX. If you have any requests, send me mail
at any address listed below:
USENET: [email protected]
... or ...
{texsun..texbell..}!attctc!bdunn
TELEMAIL: csupport/a755.cc3556/tech.services/credit.data/isg/trw
BBS's:
Elm Street Jolly Bardsman's Pub & Tavern
Channel Z Spyder's Web
Dead Zone Abyssal Plane
Oblivion (if AO gets the damn thing off the ground)
By 03/06/90, you may connect to a beta Twilight Zone at XXX-
XXX-XXXX. You may also reach me voice at 214-660-6054. Limit
the calls to an EXTREME minimum!
If I get multiple requests about a topic (as I did with VAX),
I will put something online the WHAT'S HACKING? subboards and the
beta system Twilight Zone ]I[.
-----------------------------------------------------------------
VAX: The VAX acronym is derived from Virtual Address eXtension.
The VAX computer is designed to use memory addresses beyond
the hardware's actual limits, enabling it to handle pro-
grams that are too large to fit into physical memory. The
VAX computer system is a member of the Digital Equipment
Corporation (DEC) computer family. Currently the VAX
series includes models spanning the desktop VAX station to
mainframe class multi-CPU VAX processors. These vary from
the superminis, like MicroVAX, to the older, moderate sized
11/7XX series, to the newer 6000 series. These computer
systems commonly use an operating system known as VMS.
VMS: The VMS acronym is for Virtual Memory System. The operands
of VMS are very similar to other operating systems. Back
in the days of stand-alone computer systems, DEC had the
idea for streamlining the operation of their computers for
business and engineering. It conceived VMS as a way of
allowing the basic computer management to be done by a user
familiar with any of the multiple systems it made.
DCL: The DCL acronym is for Digital Command Language. It is the
fundamental language of the VMS. Those of you who have an
IBM system, you can think of a DCL program like a batch
file. You can do a lot with it (much more than a PC-DOS or
MS-DOS batch) but it work basically the same way. One
difference is that when you want to execute anything as if
you were typing it in at the command prompt, you first must
put a "$" in front of the command in the DCL program. DCL
programs are commonly called COM files as well. When you
are not executing a COM or DCL program file, you are almost
always typing things into the DCL processor.
Subject: What's Hacking VAX Special - 2
From: David Lightman (Level 30) [A dude who wanted access]
To: ALL
Sent: 3/1/90 at 2:49 pm
WHAT DOES A VAX LOOK LIKE: (quickly)
=========================
When you log into a VAX, you will see something similar to the
following:
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
WELCOME
TO THE
AT&T MICROVAX II SYSTEM
Username: (username here)
Password: (password here... does not echo)
$ (<-- this is your prompt)
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
You will know if you have a VAX type system if you get the
"Username:" and "Password:" prompts. Anything is just extra that
helps you guess passwords.
GETTING IN A VAX BY ERROR:
=========================
I will only tell you one thing here. VMS 4.X and especially
VMS4.4 are goldmines. I am not going to go into this at all,
because it is a lengthy explanation that doesn't fit in the scope
of this message. You can find this discussion on ARPANET and
USENET. You can also get this information on CompuServe
Information Service, BYTE Information Exchange, and Digital
Electronics Corporation's VAX BBS. There is also a big problem
with VMS 5.1, but that doesn't involve getting in. If there are
enough requests, I will cover this information in another mes-
sage.
GETTING IN A VAX BY DEFAULT:
===========================
There are several default accounts that were put in by DEC
when testing and installing the VAX. These accounts have pass-
words which don't change from system to system. The SYSOP should
have removed these accounts or changed the passwords, but it is
not done a lot of times. Below, I have listed several defaults:
USERNAME PASSWORD
-------- --------
DECNET DECNET
* SYSTEST UETP
SYSTEST
SYSTEM SYSTEM
DEFAULT DEFAULT
* FIELD FIELD
OPERATIONS OPERATIONS
* SUPPORT SUPPORT
DEC
SYSTEST_CLIG CLIG
SYSTEST
TEST
Where I have listed several passwords, I have found the re-
spective usernames passworded that way as much as the default
password. The accounts with asterisks beside them are powerful
accounts by default.
Subject: What's Hacking VAX Special - 3
From: David Lightman (Level 30) [A dude who wanted access]
To: ALL
Sent: 3/1/90 at 2:51 pm
VAX VMS COMMANDS:
================
Once you get your "$" prompt, you will be able to type in
hundreds of commands of course. I will go over a few basic ones
here:
@ - Execute procedure. When you want to run any
DCL batch or *.COM;* file, you must include
this "@" before the filename.
EX: @LOGIN.COM;3
ACCOUNTING - This will run the accounting program. If you
log out of a system and you see charges put
on your account for the amount of time you
are on, the system is using account. Actual-
ly every system uses accounting somewhat, but
it can be made virtually invisible. If you
are desperate, or you are having troubles
with the system operators of the VAX (SYSOPS
from now on), you can use this program to
your advantage.
CREATE - This will create just about anything. If you
have a program that you have written on your
PC's Pascal interpreter, you can Ascii upload
the file to the VAX using the CREATE command.
EX: CREATE program.pas;1
CREATE/DIR - This will simply create a SUB directory for
you. I will explain how to get around a VAX
in a minute. See the SET command.
EX: CREATE/DIR NameOfDir
DELETE - Just used to delete a file or EMPTY, UNPRO-
TECTED DIRECTORY. To delete a file, just
type "DEL filename.ext;x." To delete a sub
directory, first delete all of the files in
the directory: "DEL/LOG *.*;*" Next, you
will need to SET PROTECTION: "SET
PROTECTION=OWNER:D dirname.DIR" Next, delete
the directory: "DEL dirname.DIR"
EX: DEL DAVID.TXT;4
DIRECTORY - This will show you what files are contained
in the current directory. Adding "/BRIEF"
will give you a short listing and adding
"/FULL" will give you a full listing includ-
ing security information on each file. You
can shorten the command to DIR and you may
use wildcards. The "*" means anything of any
length. The "%" means anything one character
length.
EX: DIR/FULL DAVID-%%.*;%
EDIT - This command will bring up the editor. Some
VAX systems use a type of editor similar to
MS-DOS/PC-DOS's EDLIN. HOWEVER, some VAX
systems use EDT/EVE editing which is a full
screen editor (usually). With this editor,
you can do a lot quickly, but only if your
terminal will support cursor control. VT-100
is very clumsy. Try getting VT-220 when you
use the EDT/EVE editor.
Subject: What's Hacking VAX Special - 4
From: David Lightman (Level 30) [A dude who wanted access]
To: ALL
Sent: 3/1/90 at 2:53 pm
HELP - This command will bring up the HELP program.
This is just a clumsy imitation of what you
are reading. (heh heh)
LIBRARY - Used for archive purposes. You will proba-
bly not use this command much if you are new.
I am mentioning it now because I will type up
a more in depth discussion of VAX later on
the "What's Hacking?" sub boards.
LOGOUT - Logs you out.
MAIL - Loads the mail program. Used to send mail to
others users and CAN (YES, IT CAN) be used to
send mail (or other) to (OR FROM) the network
if the VAX is connected to a network. It CAN
(YES, CAN) also send data to (OR FROM) the
computers on the DECNET (if used).
$PASSWORD - Changes your password.
EX: $PASSWORD mynewpass
PHONE - Used to talk to another user. This command
is pretty nice compared to other means. Your
"$" prompt will be replaced with a "%" prompt
once phone is executed. If you want to talk
to someone, type his username. If you want
to talk to someone on a different node, type
his nodename, two colons, and then his user-
name. A lot of times you will find this one
disabled (especially on University
computers), but there are alternate ways to
communication online other than MAIL and
PHONE. See below.
EX: PHONE
% node13::dlight
PHOTO - Records session.
RUN - Executes executables. (simple?)
SET - Wow... this is a lot. See below.
SHOW - This involves a lot too, but not as much as
SET. With SHOW, you can look at a lot. I am
just going to list a lot of things you can
view and what it will show you.
EX: SHOW USERS DAV
CLUSTER - VAX cluster if any
DEFAULT - Directory path and device
DEVICES - The system devices (drives,
etc.)
INTRUSION - If any accounts are being
hacked
MEMORY - Memory of course
NETWORK - Network and the VAX's location
within
PROCESS - PROCESS ProcessName shows
status
PROTECTION - Protection on files
QUOTA - Shows disk space allowed for
your account
SYSTEM - Miscellaneous system info
DAY - Day & date
TIME - Time
USERS - Users online all systems
Subject: What's Hacking VAX Special - 5
From: David Lightman (Level 30) [A dude who wanted access]
To: ALL
Sent: 3/1/90 at 2:56 pm
TYPE - Shows the contents of a file by sending it to
the terminal.
EX: TYPE DAVID.TXT;3
THE SET COMMAND:
===============
The SET command is one of the most widely used and versatile
commands on the VMS 5 series DCL.
SET FILE/PROTECTION:
===================
I suppose the most frequent use of SET involved the PROTECTION
option. These protections, known as SOGW or UIC protections, can
be put on any file or directory that you have WRITE & EXECUTE
privileges on. Setting the protection involves allowing differ-
ent users on the VAX to read, write, execute, or delete your file
or directory. The FILE /PROTECTION option of SET is used to
accomplish this. An example is:
SET FILE/PROTECTION=OWNER:E david.exe;4
If you typed this command in the DCL for a program called
DAVID.EXE;4 (4 is the version number), then the owner (or crea-
tor) of the file can do nothing to the file but execute it.
However, in another example:
SET FILE/PROTECTION=OWNER:RWED david.exe;4
you are going to be able to "R"ead, "W"rite, "E"xecute, and
"D"elete the program. The same applies to a directory. Just
substitute the directory name for the filename above. When
creating a directory, the SET is set so that you may not delete
it. As discussed previously, you will have to issue a "SET
PROTECTION OWNER:D dirname.dir;1" and "DEL dirname.dir;1" to
delete the directory.
Other than the owner, UIC file protection can be placed on any
of the following:
WORLD - Any user on the system.
GROUP - Any user in your group.
OWNER - Only your account or matching UIC.
SYSTEM - Anyone that has SYSPRV privileges or the octal UIC
groups.
SET TERMINAL:
============
This is VERY important to all of us who call into the VAX
system. If you have a VT100 (not just ANSI), you can use:
SET TERMINAL/DEVICE_TYPE=VT100
Additional terminal settings are possible, for example:
SET TERMINAL/WIDTH=80 - Sets width to 80 columns
SET TERMINAL/ADVANCED_VIDEO = Sets 124 X 24 lines
SET TERMINAL/ANSI_CRT = ANSI escape sequences
SET TERMINAL/AUTOBAUD = Possibly gets higher baud rate
SET TERMINAL/BROADCAST = Enable messages from SEND, MAIL & PHONE
SET TERMINAL/DEVICE_TYPE=VT220 - Sets terminal type to VT220
SET TERMINAL/ECHO = Enables echoing from DCL command line
SET TERMINAL/FULLDUP = Enables full duplex
SET TERMINAL/HANGUP = Causes account to log off if no carrier
SET TERMINAL/INQUIRE - Shows device_type of terminal
SET TERMINAL/PAGE=43 - Sets display length to 43 lines
SET TERMINAL/TYPE_AHEAD = Sets type ahead function on
SET TERMINAL/UNKNOWN - Used for ASCII device types
SET TERMINAL/WRAP = Used to set wrap around feature
All of the above denoted with a "=" rather than a "-" can be
changed to the opposite setting by placing a "NO" directly in
front of the qualifiers. EX: SET TERMINAL/NOECHO
Subject: What's Hacking VAX Special - 6
From: David Lightman (Level 30) [A dude who wanted access]
To: ALL
Sent: 3/1/90 at 2:58 pm
SET DEFAULT (or... MOVING AROUND A VAX):
=======================================
To move around the VAX DCL, in and out of directories, I need
to tell you about the SET DEFAULT command. It is just like the
CD command on UNIX and MS-DOS/PC-DOS, except it follows a format.
The format is "SET DEFAULT [.subdir]" to go down to a sub direc-
tory and "SET DEFAULT [-]" to go to the parent directory. I will
explain more involved uses like changing disks, if asked, to keep
you out of trouble for now. First, I will show by example and
then explain my example to those out there who lack a brain.
$ DIR (step 1)
PROGRAM.EXE;2 PROGRAM.EXE;1
$ CREATE/DIR example (step 2)
$ DIR (step 3)
EXAMPLE.DIR;1 PROGRAM.EXE;2 PROGRAM.EXE;1
$ SET DEFAULT [.example] (step 4)
$ DIR (step 5)
no files, animals, vegetables, nor minerals error
$ SET DEF [-] (step 6)
$ COPY PROGRAM.EXE;2 [.example] (step 7)
$ SET DEF [.example] (step 8)
$ DIR (step 9)
PROGRAM.EXE;2
$
Here's what I did...
STEP 1: I asked to see the contents of the current directory.
I found that I have the program PROGRAM.EXE is the
1st and 2st versions in the directory.
STEP 2: I created a directory called "EXAMPLE." This name
can be anything of course.
STEP 3: I again asked for the contents of the directory. It
now shows me that I have a "file" called
"EXAMPLE.DIR;1." That is just the directory. Any-
thing with an extension of "DIR" will be a directory.
For more on extensions, see below.
STEP 4: I changed directories by use of the SET DEFAULT
command. You must always follow this format to
change into a SUB directory.
STEP 5: I AGAIN (!) looked into the directory. This time, my
directory was EXAMPLE so I of course saw nothing.
You will get an error I believe when you try to DIR
an empty directory.
STEP 6: This command is used to rise up to the parent direc-
tory. The parent directory contains the filename
"EXAMPLE.DIR;1," remember? The DEFAULT option can be
shortened to DEF.
STEP 7: Here I am illustrating how to move programs around a
little. I just copied the program PROGRAM.EXE;2 into
the subdirectory EXAMPLE.
STEP 8: See step 3. (a lazy, tired Dave)
STEP 9: I >ONCE MORE< issued the DIR command to reveal the
contents of the directory. I now find the program
PROGRAM.EXE;2 in my directory listing of my sub
directory EXAMPLE.
If you don't understand the basics of moving around a VAX by
now, push "OFF".
Subject: What's Hacking VAX Special - 7
From: David Lightman (Level 30) [A dude who wanted access]
To: ALL
Sent: 3/1/90 at 3:00 pm
FILENAME EXTENSIONS:
===================
Occasionally you will run across a BIG directory. This will
hopefully not happen until you read more on VAX on my WHAT'S
HACKING sub boards, but if it does, this list will hopefully help
you avoid making too big a mistake or wasting a lot of time.
ADA Ada compiler source code file
BAS BASIC compiler source code file
B32 BLISS-32 compiler source code file
C C compiler source code file
COB COBAL compiler source code file
FOR FORTRAN compiler source code file
MAR MACRO compiler source code file
PAS Pascal compiler source code file
PLI PL/I compiler source code file
CLD DCL command description file
COM DCL batch or command procedure file
DAT Data file
DIS Distribution file (as in mail)
DIR Directory file (as in a subdirectory)
EDT Command file for the EDT editing program
EXE Executable program
HLP Text for help libraries
JOU EDT editor journal when problems occur
LIS System listing file (as in TYPE, PRINT, & PHOTO)
LOG Batch job output file
MAI Mail message file
MEM DSR output file
OBJ Object code created by compiler before LINKing
RNO Source file for DSR
SIXEL Files for Sixel graphics
SYS System image file
TJL Journal created when the unusual occurs (DECNET a lot)
TMP Temporary file (sometimes valuable)
TPU Editor command file
TXT Text library input file (also MAIL output file)
UAF USER AUTHORIZATION FILE
I will comment extensively on UAF files if I decide to type up
another VAX tutorial.
================================================================