Text
&00
<><><><><><><><><><><><><><><><><><><>
<> <>
<> Breaking into an Express BBS <>
<> <>
<> Broght to you from [_The_Piper_] <>
<> <>
<> And the S.O.D. BBS Network <>
<> <>
<> Distributed by Fawlty Towers BBS <>
<> <>
<> 818-36o-o631 20Megs 3/12/2400bps <>
<> <>
<><><><><><><><><><><><><><><><><><><>
If you have high enough access on
any BBS Express BBS you can get the
Sysop's password without any problems
and be able to log on as him and do
whatever you like. Download the Pass
file, delete the whole BBS, anything.
Its all a matter of uploading a text
file and d/ling it from the BBS. You
must have high enough access to see new
uploads to do this. If you can see a
file you just uploaded you have the
ability to break into the BBS in a few
easy steps.
Why am I telling everyone this
when I run BBS Express myself?
Well there is one way to stop this from
happening and I want other Sysops to be
aware of it and not have it happen to
them.
Breaking in is all based on the
MENU function of BBS Express. Express
will let you create a menu to display
different text files by putting the
word MENU at the top of any text file
and stating what files are to be
displayed. But due to a major screw up
by Mr. Ledbetter you can use this MENU
option to display the USERLOG and the
Sysop's Passwords or anything else you
like. I will show you how to get the
Sysop's pass and therefore log on as
the Sysop.
BBs Express Sysop's have 2
passwords. One like everyone else gets
in the form of X1XXX, and a Secondary
password to make it harder to hack out
the Sysops pass. The Secondary pass is
found in a file called SYSDATA.DAT.
This file must be on drive 1 and is
therefore easy to get. All you have to
do is upload this simple Text file:
MENU
1
D1:SYSDATA.DAT
[1] Ripoff time!
after you upload this file you d/l it
non-Xmodem. Stupid Express thinks it is
displaying a menu and you will see
this:
[1] Ripoff time!
Selection [0]:
Just hit 1 and Express will display the
SYSDATA.DAT file. It will look like
this:
SYSOPPASS
D1:USERLOG.D
AT
D1:USERLOG.IDX
D1:
�D6:HELP>
D8:LOG.
DDS0000011111000000000000000000001
D6:UP>ES>
�D6:DOWN>>
D8:
DOWN>
D8:
SYSOPPASS is where the Sysop's
Secondary pass will be.
D1:USERLOG.DAT is where you will find
the name and Drive number of the
USERLOG.DAT file. The Sysop might have
renamed this file or put it in a
Subdirectory or even on a different
drive. I Will Assume he left it as
D1:USERLOG.DAT. The other parts of this
file tell you where the .HLP screens
are and where the LOG is saved and all
the Download path names.
Now to get the Sysop's primary pass you
upload a text file like this:
MENU
1
D1:USERLOG.DAT
[1] Breaking into Bedwetter's BBS
Again you then d/l this file non-Xmodem
and you will see:
[1] Breaking into Bedwetter's BBS
Selection [0]:
You then hit 1 and the long
USERLOG.DAT file comes flying at you.
The Sysop is the first entry in this
very long file so it is easy. You will
see:
SYSOP'S NAME X1XXX
THE
CITY
CA 000-000-0000�12/23/57 | '
'
X1XXX is the Sysops Primary pass word.
You now can call back as the Sysop as
you have his 2 passwords.
There is only one easy way out of
this that I can think of, and that is
to make all new uploads go to SYSOP
level (Level 9) access only. This way
nobody can pull off what I just
explained.
I feel this is a major Bug on Mr.
Ledbetter's part. I just don't know why
no one had thought of it before.
I would like to give credit to
Redline for the message he left on
Modem Hell telling about this problem,
and also to Unka for his ideas and
input about correcting it.
This has been brought to you from
[_The_Piper_] and the S.O.D. BBS
Network!
TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH
