AOH :: P18-05.TXT

Hacking CDC's Cyber



                               ==Phrack Inc.==

                     Volume Two, Issue 18, Phile #5 of 11

    -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
   -=                                                                     =-
   -=               Hacking Control Data Corporation's Cyber              =-
   -=                                                                     =-
   -=               Written by Phrozen Ghost, April 23, 1988              =-
   -=                                                                     =-
   -=                   Exclusively for Phrack Magazine                   =-
   -=                                                                     =-
    -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

  This article will cover getting into and using NOS (Networking Operating
System) version 2.5.2 running on a Cyber 730 computer.  Cybers generally run
this operating system so I will just refer to this environ- ment as Cyber.
Also, Cyber is a slow and outdated operating system that is primarily used
only for college campuses for running compilers.  First off after you have
scanned a bunch of carriers you will need to know how Cyber identifies itself.
It goes like this:

WELCOME TO THE NOS SOFTWARE SYSTEM.
COPYRIGHT CONTROL DATA 1978, 1987.

88/02/16. 02.36.53. N265100
CSUS CYBER 170-730.                     NOS 2.5.2-678/3.
FAMILY:

You would normally just hit return at the family prompt.  Next prompt is:

USER NAME:

Usernames are in the format  abcdxxx  where a is the location of where the
account is being used from (A-Z).  the b is a grouping specifying privs and
limits for the account- usually A-G -where A is the lowest access.  Some
examples of how they would be used in a college system:
A = lowest access - class accounts for students
B = slightly higher than A (for students working on large projects)
C = Much higher limits, these accounts are usually not too hard to get and
    they will normally last a long time!  Lab assistants use these.
D = Instructors, Lecturers, Professors.. etc..
E = same... (very hard to get these!)

The C and D positions are usually constant according to the groupings.
For example, a class would have accounts ranging from NADRAAA-AZZ
                                                          ^^^ ^^^
                                                 These can also be digits

There are also special operator accounts which start with digits instead of
numbers. (ie 7ETPDOC)  These accounts can run programs such as the monitor
which can observe any tty connected to the system...

The next prompt will be for the password, student account passwords cannot be
changed and are 7 random letters by default, other account passwords can be
changed.  You get 3 tries until you are logged out.  It is very difficult if
not impossible to use a brute force hacker or try to guess someone's account..
so how do you get on?  Here's one easy way... Go down to your local college
(make sure they have a Cyber computer!) then just buy a class catalog (they
only cost around 50 cents) or you could look, borrow, steal someone else's...
then find a pascal or fortran class that fits your schedule!  You will only
have to attend the class 3 or 4 times max.  Once you get there you should have
no trouble, but if the instructor asks you questions about why you are not on
the roll, just tell him that you are auditing the class (taking it without
enrolling so it won't affect your GPA).  The instructor will usually pass out
accounts on the 3rd or 4th day of class.. this method also works well with
just about any system they have on campus!  Another way to get accounts is to
go down to the computer lab and start snooping!  Look over someone's shoulder
while they type in their password, or look thru someone's papers while they're
in the bathroom, or look thru the assistants desk while he is helping
someone... (I have acquired accounts both ways, and the first way is a lot
easier with less hassles)  Also, you can use commas instead of returns when
entering username and password.
Example:  at the family prompt, you could type  ,nadrajf,dsfgkcd
                     or at the username prompt   nadrajf,dsfgkcd

After you enter your info, the system will respond with:

JSN: APXV, NAMIAF
/

The 'APXV, NAMIAF' could be different depending on what job you were attached
to.  The help program looks a lot neater if you have vt100 emulation, if you
do, type [screen,vt100] (don't type the brackets! from now on, all commands I
refer to will be enclosed in brackets) Then type help for an extensive
tutorial or a list of commands. Your best bet at this point is to buy a quick
reference guide at the campus because I am only going to describe the most
useful commands. The / means you are in the batch subsystem, there are usually
6 or 7 other subsystems like basic, fortran, etc... return to batch mode by
typing [batch].

Some useful commands:

   CATLIST    -  will show permanent files in your directory.
   ENQUIRE,F  -  displays temporary files in your workspace.
   LIMITS     -  displays your privileges.
   INFO       -  get more on-line help.
   R          -  re-execute last command.
   GET,fn     -  loads fn into the local file area.
   CHANGE     -  change certain specs on a file.
   PERMIT     -  allow other users to use one of your files.
   REWIND,*   -  rewinds all your local files.
   NEW,fn     -  creates new file.
   PURGE      -  deletes files.
   LIST,F=fn  -  list file.
   UPROC      -  create an auto-execute procedure file.
   MAIL       -  send/receive private mail.
   BYE        -  logoff.

Use the [helpme,cmd] command for the exact syntax and parameters of these
commands.  There are also several machine specific 'application' programs such
as pascal, fortran, spitbol, millions of others that you can look up with the
INFO command... there are also the text editors; edit, xedit, and fse (full
screen editor).  Xedit is the easiest to use if you are not at a Telray 1061
terminal and it has full documentation.  Simply type [xedit,fn] to edit the
file 'fn'.

Special control characters used with Cyber:

Control S and Control Q work normally, the terminate character is Control T
followed by a carriage return.  If you wanted to break out of an auto-execute
login program, you would have to hit ^T C/R very fast and repetitively in
order to break into the batch subsystem.  Control Z is used to set environment
variables and execute special low level commands, example: [^Z TM C/R] this
will terminate your connection...

So now you're thinking, what the hell is Cyber good for?  Well, they won't
have any phone company records, and you can't get credit information from one,
and I am not going to tell you how to crash it since crashing systems is a
sin.  There are uses for a Cyber though,  one handy use is to set up a chat
system, as there are normally 30-40 lines going into a large university Cyber
system.  I have the source for a chat program called the communicator that I
will be releasing soon.  Another use is some kind of underground information
exchange that people frequently set up on other systems, this can easily be
done with Cyber.

Procedure files:

A procedure file is similar to a batch file for MS-DOS, and a shell script for
UNIX.  You can make a procedure file auto-execute by using the UPROC command
like [uproc,auto] will make the file 'auto', auto execute.  There is also a
special procedure file called the procfile in which any procedure may be
accessed by simply a - in front of it.  If your procfile read:

.proc,cn.
.*  sample procedure
$catlist/un=7etpdoc.
$exit.

then you could simply type -cn and the / prompt and it would execute the
catlist command.  Now back to uprocs,  you could easily write a whole BBS in a
procedure file or say you wanted to run a chat system and you did not want
people to change the password on your account, you could do this:

.proc,chat,
PW"Password: "=(*A).
$ife,PW="cyber",yes.
   $chat.
   $revert.
   $bye.
$else,yes.
   $note./Wrong password, try again/.
   $revert.
   $bye.
$endif,yes.

This procedure will ask the user for a password and if he doesn't type "cyber"
he will be logged off.  If he does get it right then he will be dumped into
the chat program and as soon as he exits the chat program, he will be logged
off.  This way, the user cannot get into the batch subsystem and change your
password or otherwise screw around with the account.  The following is a
listing of the procfil that I use on my local system, it has a lot of handy
utilities and examples...

----  cut here  ----

.PROC,B.
.******BYE******
$DAYFILE.
$NOTE.//////////////////////////
$ASCII.
$BYE.
$REVERT,NOLIST.
#EOR
.PROC,TIME.
.******GIVES DAY AND TIME******
$NOTE./THE CURRENT DAY AND TIME IS/
$FIND,CLOCK./
$REVERT,NOLIST.
#EOR
.PROC,SIGN*I,IN.
.******SIGN PRINT UTILITY******.
$GET,IN.
$FIND,SIGN,#I=IN,#L=OUT.
$NOTE./TO PRINT, TYPE:   PRINT,OUT,CC,RPS=??/
$REVERT,NOLIST.
#EOR
.PROC,TA.
.******TALK******
$SACFIND,AID,COMM.
$REVERT,NOLIST.
#EOR
.PROC,DIR,UN=,FILE=.
.******DIRECTORY LISTING OF PERMANENT FILES******
$GET(ZZZZDIR=CAT/#UN=1GTL0CL)
ZZZZDIR(FILE,#UN=UN)
$RETURN(ZZZZDIR)
$REVERT,NOLIST.
#EOR
.PROC,Z19.
.******SET SCREEN TO Z19******
$SCREEN,Z19.
$NOTE./SCREEN,Z19.
$REVERT,NOLIST.
#EOR
.PROC,VT.
.******SET SCREEN TO VT100******
$SCREEN,VT100.
$NOTE./SCREEN,VT100.
$REVERT,NOLIST
#EOR
.PROC,SC.
.******SET SCREEN TO T10******
$SCREEN,T10.
$NOTE./SCREEN,T10.
$REVERT,NOLIST
#EOR
.PROC,C.
.******CATLIST******
$CATLIST.
$REVERT,NOLIST.
#EOR
.PROC,CA.
.******CATLIST,LO=F******
$CATLIST,LO=F.
$REVERT,NOLIST.
#EOR
.PROC,MT.
.******BBS******
$SACFIND,AID,MTAB.
$REVERT,NOLIST.
#EOR
.PROC,LI,FILE=.
.******LIST FILE******
$GET,FILE.
$ASCII.
$COPY(FILE)
$REVERT.
$EXIT.
$CSET(NORMAL)
$REVERT,NOLIST. WHERE IS THAT FILE??
#EOR
.PROC,LOCAL.
.******DIRECTORY OF LOCAL FILES******
$RETURN(PROCLIB,YYYYBAD,YYYYPRC)
$GET(QQQFILE=ENQF/UN=1GTL0CL)
QQQFILE.
$REVERT,NOLIST.
$EXIT.
$REVERT. FILES ERROR
#EOR
.PROC,RL.
.******RAISE LIMITS******
$SETASL(*)
$SETJSL(*)
$SETTL(*)
$CSET(ASCII)
$NOTE./ Limits now at max validated levels.
$CSET(NORMAL)
$REVERT,NOLIST.
#EOR
.PROC,CL.
.******CLEAR******
$CLEAR,*.
$CSET(ASCII)
$NOTE./LOCAL FILE AREA CLEARED
$REVERT,NOLIST.
#EOR
.PROC,P,FILE=THING,LST=LIST.
.***********************************************************
$CLEAR.
$GET(FILE)
$PASCAL4,FILE,LST.
$REVERT.
$EXIT.
$REWIND,*.
$CSET(ASCII)
$COPY(LIST)
$CSET(NORMAL)
$REVERT,NOLIST.
#EOR
.PROC,RE.
.******REWIND******
$REWIND,*.
$CSET(ASCII)
$NOTE./REWOUND.
$REVERT,NOLIST.
#EOR
.PROC,FOR,FILE,LST=LIST.
.********************************************************************
$CLEAR.
$GET(FILE)
$FTN5,I=FILE,L=LST.
$REPLACE(LST=L)
$CSET(ASCII)
$REVERT. Fortran Compiled
$EXIT.
$REWIND,*.
$COPY(LST)
$REVERT. That's all folks.
#EOR
.PROC,WAR.
.******WARBLES******
$SACFIND,AID,WAR.
$REVERT,NOLIST.
#EOR
.PROC,M.
.******MAIL/CHECK******
$MAIL/CHECK.
$REVERT,NOLIST.
#EOR
.PROC,MA.
.******ENTER MAIL******
$MAIL.
$REVERT,NOLIST.
#EOR
.PROC,HE,FILE=SUMPROC,UN=.
.******HELP FILE******
$GET,FILE/#UN=UN.
$COPY(FILE)
$REVERT.
$EXIT.
$REVERT,NOLIST.
#EOR
.PROC,DYNAMO.
.******WHO KNOWS??******
$GET,DYNMEXP/UN=7ETPDOC.
$SKIPR,DYNMEXP.
$COPYBR,DYNMEXP,GO.
$FIND,DYNAMO,GO.
$REVERT,NOLIST.
#EOR
#EOR
#EOI

----  cut here  ----

I have covered procfil's fairly extensively as I think it is the most useful
function of Cyber for hackers.  I will be releasing source codes for several
programs including 'the communicator' chat utility, and a BBS program with a
full message base.  If you have any questions about Cyber or you have gotten
into one and don't know what to do, I can be contacted at the Forgotten Realm
BBS or via UUCP mail at ...!uunet!ncoast!ghost.

Phrozen Ghost
===============================================================================

AOH Site layout & design copyright © 2006 AOH