|
ShadowSpawn BBS Presents... INSIDE RSTS/E VOL. II INSIDE RSTS/E ------------- by: THE MARAUDER THE COUNCIL OF THE FEDERATION In this volume, i will discuss some of the basic bugs in RSTS/E that can be used to your advantage (and to others dis-advantage).., I will assume you have read my first part on rsts/, or have a working knowlege of the basic system commands, and that you already have aquired a valid account.. 1) FREE SPACE What is free space?, Well on -all- rsts/e systems, there is a portion of the disk, assigned to 'free space', what basically is, is space free for the saving of files, when you issue a save, or open command, rsts/e simply grabs however many blocks are needed from this space, and stores your file there, then this space is marked as being 'unavailable'. When you delete, or kill a file the exact opposite happens, rsts/e moves a few pointers, which mark this space as 'available, (or free)' space, leaving the entire file 99% of the time totally intact!!. Here is an algorythym for a program to read free space: 10 open 'file.ext' as file 1% 20 put #1%,record XXXXX% 30 close 1% 40 end where: file.ext = any valid filename you want the free space to be placed in. XXXXX% = any integer between 1 and 32767 inclusive, telling how many blocks of free space you wish transferred into 'file.ext'. for example, if i wanted to read 500 blocks of free space into a file called "free.spc" i would write my program as follows: 10 open "free.spc" as file 1% 20 put #1%,record 500% 30 close 1% 40 end Now in my directory would be the file 'free.spc' holding 500 blocks of free space.. you can now simply pip, teco, etdt.. or any text editor to examine the contents of this file.. whatever was deleted in the past few hours will usually be 99% intact this includes BASIC programs, any ascii text files (compiled code is untranslatable si it's useless). This is especially usefull at schools in the beginning or end of year when the administration is deleting and creating new accounts.. o NOTE: You (and anyone else) can prevent files from going to free space in a readable format. when deleting as file, prog, etc.. use the following.. pip prog.ext/wo/lo (on rsts/e v6.00 and earlier) pip prog.ext/de/er (on rsts/e v7.00 and later ) what this does in effect is tell pip to 'write zeroes' over the entire file before releasing it to free space.. (few persons know to use this, and fewer still ever use it!!) 2) PROGRAMS WITH 'HOLES' IN THEM on most systems there are usually a few programs that have holes in t that can be used to your advantage.. here are a few i have found.. if the system you are hacking supports a 'basic +2' runtime system (prompts with 'well??' from the basic keyboard monitor (from 'Ready').. sw bp2com esp ^Z (controll Z) this is a ledgendary bug in the older versions of rsts/e, what is basically does is switch to basic plus 2 as the default keyboard monitor, executes the ccl that envokes the RPG editor (esp), then controll z's (exits) out of it leaving FULL PRIVLIGES INTACT !!!, so you can run any program on the system! another big hole i have found, is in the program '(1,2)rpgdmp.tsk', which is a rpg ascii dump program, used for dumping rpg source code and checking for stray controll char's that have a way of getting into rpg source and playing hell with the compiler.. to use it simply try: run (1,2)rpgdmp it will ask you for a file name, then output device.. well you can give it any file name on the system (like $acct.sys), and it will be dumped to whatever output device you selected!!! (screen, lp:, disk) UNTIL THE NEXT VOLUME...... dial with care.. The Marauder sysops are free to use this, as long as nothing is changed. ------------------------------------------------------------------------------ Presented by: The Council of the FEDERATION ------------------------------------------------------------------------------ @ (C) 1985, THE MARAUDER