= HACKING THE HP2000 =

PREFACE
-------

The purpose of this tutorial is to give potential hackers useful information about Hewlett-Packard's HP2000 systems. The following notation will be used throughout this tutorial:

<CR> - carriage return, RETURN, ENTER, etc.
^C - a control character (control-C in example)
CAPITAL LETTERS - computer output & user input

SYSTEM INFORMATION
------------------

Each HP2000 system can support up to 32 users in a time shared BASIC (TSB) environment. The systems usually run a version of Hewlett Packard's Timeshared/BASIC 2000 (various levels).

LOGON PROCEDURE
---------------

Once connected to a HP2000, type a numeral followed by a <CR>. The system should respond with: PLEASE LOG IN. If it does not immediately respond keep on trying this procedure until it does (they tend to be slow to respond).

User ID: The user id consists of a letter followed by 3 digits, e.g., H241.

Password: The passwords are from 1 to 6 printing and/or non-printing (control) characters. The following characters will NOT be found in any passwords so don't bother trying them: line delete (^X), null (^@), return (^M), linefeed (^J), X-OFF (^S), rubout, comma, space, back-arrow, and underscore. HP also suggests that ^E is not used in passwords (but I have seen it done!).

The logon format is: HELLO-A123,PASSWD

Where: HELLO is the login command. It may be abbreviated to HEL.
       A123 is the user id.
       PASSWD is the password.

The system will respond with either ILLEGAL FORMAT or ILLEGAL ACCESS depending upon whether you screwed up the syntax or it is an invalid user id or password. The messages: PLEASE LOG IN, ILLEGAL FORMAT, & ILLEGAL ACCESS also help you identify HP2000 systems.

The system may also respond with ALL PORTS ARE BUSY NOW - PLEASE TRY AGAIN LATER or a similar message. One other possibility is NO TIME LEFT which means that they have used up their time limit without paying.
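
The logon syntax and the two error replies described above, modelled in Python as an added example (not code from this tutorial or from HP). The account table, the "OK" reply, the DISCONNECTED marker and the max_failures attempt cap are assumptions; the model returns the same ILLEGAL ACCESS reply for an unknown id and a wrong password, and the cap shows a per-connection limit on guesses.

```python
import hmac
import re

# Characters the page lists as never used in passwords: ^X, ^@, ^M, ^J, ^S,
# rubout, comma, space, underscore. Assumption: back-arrow shares
# underscore's code (0x5F), as on older terminals.
EXCLUDED = set("\x18\x00\r\n\x13\x7f, _")
LOGON_RE = re.compile(r"(?:HELLO|HEL)-([A-Z][0-9]{3}),(.*)", re.DOTALL)

def parse_logon(line):
    """Return (user_id, password), or None when the syntax is invalid."""
    m = LOGON_RE.fullmatch(line)
    if not m:
        return None
    user_id, password = m.groups()
    if not 1 <= len(password) <= 6:
        return None
    if any(c in EXCLUDED or ord(c) > 0x7F for c in password):
        return None
    return user_id, password

def respond(line, accounts):
    """One reply covers both an unknown id and a wrong password."""
    parsed = parse_logon(line)
    if parsed is None:
        return "ILLEGAL FORMAT"
    user_id, password = parsed
    # Unknown ids are compared against a dummy value that can never match,
    # so both failure paths do the same work and give the same message.
    stored = accounts.get(user_id, "\x00").encode("ascii")
    match = hmac.compare_digest(stored, password.encode("ascii"))
    return "OK" if match and user_id in accounts else "ILLEGAL ACCESS"

def run_session(lines, accounts, max_failures=3):
    """Hypothetical attempt cap: drop the line after max_failures bad logons."""
    replies, failures = [], 0
    for line in lines:
        reply = respond(line, accounts)
        replies.append(reply)
        if reply == "OK":  # placeholder, not the system's real output
            break
        if reply == "ILLEGAL ACCESS":
            failures += 1
            if failures >= max_failures:
                replies.append("DISCONNECTED")  # not an HP2000 message
                break
    return replies

ACCOUNTS = {"A000": "PASSWD", "H241": "A\x05B"}  # constructed sample accounts
```
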

Unlike other systems where you have a certain number of tries to log in, the HP2000 system gives you a certain time limit to log on before it dumps you. The system default is 120 seconds (2 minutes). The sysop can change it to be anywhere between 1 and 255 seconds, though. In my experience, 120 seconds is sufficient time for trying between 20-30 logon attempts while hand-hacking & a much higher amount when using a hacking program.

USERS
-----

The various users are identified by their user id (A123) & password. Users are also identified by their group. Each group consists of 100 users. For example, A000 through A099 is a group, A100 through A199 is another group, & Z900 through Z999 is the last possible group. The first user id in each group is designated as the Group Master & he has certain privileges. For example, A000, A100,...H200..., & Z900 are all group masters. The user id A000 is known as the System Master & he has the most privileges (besides the hardwired sysop terminal). The library associated with user Z999 can be used to store a HELLO program which is executed each time someone logs on.

So, the best thing to hack on an HP2000 system is the System Master (A000) account. It is also the only user id that MUST be on the system. He logs on by typing: HEL-A000,PASSWD. You just have to hack out his password. If you decide to hack Z999, you can create or change the HELLO program to give every user your own personal message every time he logs on! This is about all you can do with Z999 since it is otherwise a non-privileged account.

LIBRARY ORGANIZATION
--------------------

Each user has access to 3 levels of libraries: his own private library, a group library, and the system library. To see what is in these libraries you would type: CATalog, GROup, and LIBrary respectively (all commands can be abbreviated to the first 3 letters). The individual user is responsible for his own library and maintaining all the files.
If a program is in your CATALOG, then you can change it.

[Group Masters]

Group Masters (GM) are responsible for controlling all programs in the Group libraries. Only members of the group can use these programs. These are viewed by typing GROUP. For example, user S500 controls all programs in the Group library of all users beginning with S5xx. Other users in the group CANNOT modify these programs. All programs in the group library are also in the Group Master's private library (CATALOG), therefore he can modify them! The Group Master also has access to 2 privileged commands. They are: PROtect and UNProtect. With PROTECT, the Group Master can render a program so it cannot be LISTed, SAVed, CSAved, PUNched to paper tape, or XPUnched. For example, if the GM typed PRO-WUMPUS, other users in the group would not be able to list it. The GM can remove these restrictions with the UNProtect command.

[System Master]

There is exactly one System Master (SM) and his user id is A000. He can PROTECT and UNPROTECT programs in the System Library. All users have access to these files by typing LIBRARY to view them. Only the System Master can modify these files since his private library & group library constitute the System Library. The SM also has access to other privileged commands such as:

DIRECTORY: this command will print out all files and programs stored on the system according to users. DIR will print out the entire directory. DIR-S500 will start listing the directory with user S500.

Example:

DIR

BOCES ED 1    053/84    1243

ID    NAME    DATE      LENGTH  DISC    DRUM
A000  ALPHA   043/84    00498   001384
      BCKGMN  053/84    04564   001526
      FPRINT  053/84    00567   002077
      STOCK   038/84    04332   002753
      TFILE   020/83  F 00028   002804
      WUMPUS  053/84  P 02636   003142
B451  BLJACK  316/75    03088   011887
      GOLF    316/75    02773   011911
S500  GIS     050/84  C 03120   019061
      GISCL4  050/84  F 03741   022299
Z999  HELLO   021/84    00058   011863

In this example, the system name is BOCES ED 1.
The date of the printout is the 53rd day of 1984 (053/84) and the time is 12:43 (24-hr). The files appearing under A000 are those in the system library. The DATE associated with the program is the date it was last referenced. The LENGTH is how long it is in words. DISC refers to its storage block location.
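
A parser for the directory layout just described, handy when auditing an archived printout for who owns what; this is an added example in Python, not part of the original tutorial. It converts the day-of-year dates and tags each entry with the library level the earlier sections give for its owner; the flag letters F, P and C are carried through uninterpreted, and the rule that an id appears only on a user's first entry is inferred from the sample listing.

```python
import re
from datetime import date, timedelta

DIR_OUTPUT = """\
BOCES ED 1 053/84 1243
ID NAME DATE LENGTH DISC DRUM
A000 ALPHA 043/84 00498 001384
BCKGMN 053/84 04564 001526
FPRINT 053/84 00567 002077
STOCK 038/84 04332 002753
TFILE 020/83 F 00028 002804
WUMPUS 053/84 P 02636 003142
B451 BLJACK 316/75 03088 011887
GOLF 316/75 02773 011911
S500 GIS 050/84 C 03120 019061
GISCL4 050/84 F 03741 022299
Z999 HELLO 021/84 00058 011863
"""  # the page's sample listing, one entry per line
DATE_RE = re.compile(r"(\d{3})/(\d{2})")

def julian(token):
    """Convert DDD/YY (day of year, year 19YY) to a calendar date."""
    doy, yy = map(int, DATE_RE.fullmatch(token).groups())
    return date(1900 + yy, 1, 1) + timedelta(days=doy - 1)

def library_of(owner):
    """Library level implied by the owning id, per the page's rules."""
    if owner == "A000":
        return "system"                    # System Master
    if owner.endswith("00"):
        return f"group {owner[:2]}xx"      # Group Master
    return "private"

def parse_dir(text):
    """Return (system header, list of entries) for a DIR printout."""
    rows = [line.split() for line in text.splitlines() if line.strip()]
    head = rows[0]
    system = {"name": " ".join(head[:-2]), "printed": julian(head[-2]), "time": head[-1]}
    entries, owner = [], None
    for tok in rows[2:]:                   # rows[1] is the column heading
        i = next(n for n, t in enumerate(tok) if DATE_RE.fullmatch(t))
        if i == 2:                         # id shown only on a user's first entry
            owner = tok[0]
        rest = tok[i + 1:]
        flag = rest.pop(0) if rest[0].isalpha() else ""   # F/P/C, not interpreted
        entries.append({"owner": owner, "name": tok[i - 1], "flag": flag,
                        "last_ref": julian(tok[i]), "words": int(rest[0]),
                        "disc": int(rest[1]), "library": library_of(owner)})
    return system, entries
```
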