|
==Phrack Inc.== Volume Two, Issue 18, Phile #5 of 11 -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- -= =- -= Hacking Control Data Corporation's Cyber =- -= =- -= Written by Phrozen Ghost, April 23, 1988 =- -= =- -= Exclusively for Phrack Magazine =- -= =- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- This article will cover getting into and using NOS (Networking Operating System) version 2.5.2 running on a Cyber 730 computer. Cybers generally run this operating system so I will just refer to this environ- ment as Cyber. Also, Cyber is a slow and outdated operating system that is primarily used only for college campuses for running compilers. First off after you have scanned a bunch of carriers you will need to know how Cyber identifies itself. It goes like this: WELCOME TO THE NOS SOFTWARE SYSTEM. COPYRIGHT CONTROL DATA 1978, 1987. 88/02/16. 02.36.53. N265100 CSUS CYBER 170-730. NOS 2.5.2-678/3. FAMILY: You would normally just hit return at the family prompt. Next prompt is: USER NAME: Usernames are in the format abcdxxx where a is the location of where the account is being used from (A-Z). the b is a grouping specifying privs and limits for the account- usually A-G -where A is the lowest access. Some examples of how they would be used in a college system: A = lowest access - class accounts for students B = slightly higher than A (for students working on large projects) C = Much higher limits, these accounts are usually not too hard to get and they will normally last a long time! Lab assistants use these. D = Instructors, Lecturers, Professors.. etc.. E = same... (very hard to get these!) The C and D positions are usually constant according to the groupings. For example, a class would have accounts ranging from NADRAAA-AZZ ^^^ ^^^ These can also be digits There are also special operator accounts which start with digits instead of numbers. (ie 7ETPDOC) These accounts can run programs such as the monitor which can observe any tty connected to the system... The next prompt will be for the password, student account passwords cannot be changed and are 7 random letters by default, other account passwords can be changed. You get 3 tries until you are logged out. It is very difficult if not impossible to use a brute force hacker or try to guess someone's account.. so how do you get on? Here's one easy way... Go down to your local college (make sure they have a Cyber computer!) then just buy a class catalog (they only cost around 50 cents) or you could look, borrow, steal someone else's... then find a pascal or fortran class that fits your schedule! You will only have to attend the class 3 or 4 times max. Once you get there you should have no trouble, but if the instructor asks you questions about why you are not on the roll, just tell him that you are auditing the class (taking it without enrolling so it won't affect your GPA). The instructor will usually pass out accounts on the 3rd or 4th day of class.. this method also works well with just about any system they have on campus! Another way to get accounts is to go down to the computer lab and start snooping! Look over someone's shoulder while they type in their password, or look thru someone's papers while they're in the bathroom, or look thru the assistants desk while he is helping someone... (I have acquired accounts both ways, and the first way is a lot easier with less hassles) Also, you can use commas instead of returns when entering username and password. Example: at the family prompt, you could type ,nadrajf,dsfgkcd or at the username prompt nadrajf,dsfgkcd After you enter your info, the system will respond with: JSN: APXV, NAMIAF / The 'APXV, NAMIAF' could be different depending on what job you were attached to. The help program looks a lot neater if you have vt100 emulation, if you do, type [screen,vt100] (don't type the brackets! from now on, all commands I refer to will be enclosed in brackets) Then type help for an extensive tutorial or a list of commands. Your best bet at this point is to buy a quick reference guide at the campus because I am only going to describe the most useful commands. The / means you are in the batch subsystem, there are usually 6 or 7 other subsystems like basic, fortran, etc... return to batch mode by typing [batch]. Some useful commands: CATLIST - will show permanent files in your directory. ENQUIRE,F - displays temporary files in your workspace. LIMITS - displays your privileges. INFO - get more on-line help. R - re-execute last command. GET,fn - loads fn into the local file area. CHANGE - change certain specs on a file. PERMIT - allow other users to use one of your files. REWIND,* - rewinds all your local files. NEW,fn - creates new file. PURGE - deletes files. LIST,F=fn - list file. UPROC - create an auto-execute procedure file. MAIL - send/receive private mail. BYE - logoff. Use the [helpme,cmd] command for the exact syntax and parameters of these commands. There are also several machine specific 'application' programs such as pascal, fortran, spitbol, millions of others that you can look up with the INFO command... there are also the text editors; edit, xedit, and fse (full screen editor). Xedit is the easiest to use if you are not at a Telray 1061 terminal and it has full documentation. Simply type [xedit,fn] to edit the file 'fn'. Special control characters used with Cyber: Control S and Control Q work normally, the terminate character is Control T followed by a carriage return. If you wanted to break out of an auto-execute login program, you would have to hit ^T C/R very fast and repetitively in order to break into the batch subsystem. Control Z is used to set environment variables and execute special low level commands, example: [^Z TM C/R] this will terminate your connection... So now you're thinking, what the hell is Cyber good for? Well, they won't have any phone company records, and you can't get credit information from one, and I am not going to tell you how to crash it since crashing systems is a sin. There are uses for a Cyber though, one handy use is to set up a chat system, as there are normally 30-40 lines going into a large university Cyber system. I have the source for a chat program called the communicator that I will be releasing soon. Another use is some kind of underground information exchange that people frequently set up on other systems, this can easily be done with Cyber. Procedure files: A procedure file is similar to a batch file for MS-DOS, and a shell script for UNIX. You can make a procedure file auto-execute by using the UPROC command like [uproc,auto] will make the file 'auto', auto execute. There is also a special procedure file called the procfile in which any procedure may be accessed by simply a - in front of it. If your procfile read: .proc,cn. .* sample procedure $catlist/un=7etpdoc. $exit. then you could simply type -cn and the / prompt and it would execute the catlist command. Now back to uprocs, you could easily write a whole BBS in a procedure file or say you wanted to run a chat system and you did not want people to change the password on your account, you could do this: .proc,chat, PW"Password: "=(*A). $ife,PW="cyber",yes. $chat. $revert. $bye. $else,yes. $note./Wrong password, try again/. $revert. $bye. $endif,yes. This procedure will ask the user for a password and if he doesn't type "cyber" he will be logged off. If he does get it right then he will be dumped into the chat program and as soon as he exits the chat program, he will be logged off. This way, the user cannot get into the batch subsystem and change your password or otherwise screw around with the account. The following is a listing of the procfil that I use on my local system, it has a lot of handy utilities and examples... ---- cut here ---- .PROC,B. .******BYE****** $DAYFILE. $NOTE.////////////////////////// $ASCII. $BYE. $REVERT,NOLIST. #EOR .PROC,TIME. .******GIVES DAY AND TIME****** $NOTE./THE CURRENT DAY AND TIME IS/ $FIND,CLOCK./ $REVERT,NOLIST. #EOR .PROC,SIGN*I,IN. .******SIGN PRINT UTILITY******. $GET,IN. $FIND,SIGN,#I=IN,#L=OUT. $NOTE./TO PRINT, TYPE: PRINT,OUT,CC,RPS=??/ $REVERT,NOLIST. #EOR .PROC,TA. .******TALK****** $SACFIND,AID,COMM. $REVERT,NOLIST. #EOR .PROC,DIR,UN=,FILE=. .******DIRECTORY LISTING OF PERMANENT FILES****** $GET(ZZZZDIR=CAT/#UN=1GTL0CL) ZZZZDIR(FILE,#UN=UN) $RETURN(ZZZZDIR) $REVERT,NOLIST. #EOR .PROC,Z19. .******SET SCREEN TO Z19****** $SCREEN,Z19. $NOTE./SCREEN,Z19. $REVERT,NOLIST. #EOR .PROC,VT. .******SET SCREEN TO VT100****** $SCREEN,VT100. $NOTE./SCREEN,VT100. $REVERT,NOLIST #EOR .PROC,SC. .******SET SCREEN TO T10****** $SCREEN,T10. $NOTE./SCREEN,T10. $REVERT,NOLIST #EOR .PROC,C. .******CATLIST****** $CATLIST. $REVERT,NOLIST. #EOR .PROC,CA. .******CATLIST,LO=F****** $CATLIST,LO=F. $REVERT,NOLIST. #EOR .PROC,MT. .******BBS****** $SACFIND,AID,MTAB. $REVERT,NOLIST. #EOR .PROC,LI,FILE=. .******LIST FILE****** $GET,FILE. $ASCII. $COPY(FILE) $REVERT. $EXIT. $CSET(NORMAL) $REVERT,NOLIST. WHERE IS THAT FILE?? #EOR .PROC,LOCAL. .******DIRECTORY OF LOCAL FILES****** $RETURN(PROCLIB,YYYYBAD,YYYYPRC) $GET(QQQFILE=ENQF/UN=1GTL0CL) QQQFILE. $REVERT,NOLIST. $EXIT. $REVERT. FILES ERROR #EOR .PROC,RL. .******RAISE LIMITS****** $SETASL(*) $SETJSL(*) $SETTL(*) $CSET(ASCII) $NOTE./ Limits now at max validated levels. $CSET(NORMAL) $REVERT,NOLIST. #EOR .PROC,CL. .******CLEAR****** $CLEAR,*. $CSET(ASCII) $NOTE./LOCAL FILE AREA CLEARED $REVERT,NOLIST. #EOR .PROC,P,FILE=THING,LST=LIST. .*********************************************************** $CLEAR. $GET(FILE) $PASCAL4,FILE,LST. $REVERT. $EXIT. $REWIND,*. $CSET(ASCII) $COPY(LIST) $CSET(NORMAL) $REVERT,NOLIST. #EOR .PROC,RE. .******REWIND****** $REWIND,*. $CSET(ASCII) $NOTE./REWOUND. $REVERT,NOLIST. #EOR .PROC,FOR,FILE,LST=LIST. .******************************************************************** $CLEAR. $GET(FILE) $FTN5,I=FILE,L=LST. $REPLACE(LST=L) $CSET(ASCII) $REVERT. Fortran Compiled $EXIT. $REWIND,*. $COPY(LST) $REVERT. That's all folks. #EOR .PROC,WAR. .******WARBLES****** $SACFIND,AID,WAR. $REVERT,NOLIST. #EOR .PROC,M. .******MAIL/CHECK****** $MAIL/CHECK. $REVERT,NOLIST. #EOR .PROC,MA. .******ENTER MAIL****** $MAIL. $REVERT,NOLIST. #EOR .PROC,HE,FILE=SUMPROC,UN=. .******HELP FILE****** $GET,FILE/#UN=UN. $COPY(FILE) $REVERT. $EXIT. $REVERT,NOLIST. #EOR .PROC,DYNAMO. .******WHO KNOWS??****** $GET,DYNMEXP/UN=7ETPDOC. $SKIPR,DYNMEXP. $COPYBR,DYNMEXP,GO. $FIND,DYNAMO,GO. $REVERT,NOLIST. #EOR #EOR #EOI ---- cut here ---- I have covered procfil's fairly extensively as I think it is the most useful function of Cyber for hackers. I will be releasing source codes for several programs including 'the communicator' chat utility, and a BBS program with a full message base. If you have any questions about Cyber or you have gotten into one and don't know what to do, I can be contacted at the Forgotten Realm BBS or via UUCP mail at ...!uunet!ncoast!ghost. Phrozen Ghost ===============================================================================