|
ShadowSpawn BBS Presents.. ------------------------------------------------------------------------------- INSIDE RSTS/E VOLUME IV ------------------------ By: The Marauder The Legion of Hackers ! The information in this document is intended for informational purposes only Written - December 11, 1984. Zone communications, LOH ------------------------------------------------------------------------------- In this document, I will describe how to create, delete, and edit accounts, and how to modify the System Account file to help escape detection I will assume for the most part, that you have read my earlier files on RSTS/E and/or have a working knowledge of the RSTS/E Runtime System. 1) CREATING ACCOUNTS. On all versions of RSTS/E lower than V9, the system manager uses a program called 'REACT', to create new accounts, and to remove old ones. REACT resides normally in the system library account (1,2), under the name 'REACT.BAC', or 'REACT.TSK', depending on who installed the system. If you don't find it in (1,2), do a 'DIR(*,*)REACT.*', And find out where It's been moved to. To run the program, you must have privleges, (run it from a (1,*) account). Usage of the program is as follows: (from 'Ready') RUN $REACT REACT V7.2-04 RSTS V7.2-04 LOD/H TIMESHARING SYSTEM ACCOUNT MANAGER FUNCTION? E PROJ,PROG? 1,233 DISK:PASSWORD? LOH QUOTA? 0 CLUSTER SIZE? 16 ACCOUNT NAME? LOH USERS PROJ,PROG? ^Z READY DESCRIPTION OF OPTIONS: Function? - This is where you specify whether you are deleting, or creating an account it can be one of two choices: 1) E= E)NTER/CREATE an Account. 2) D = D)elete an account. NOTE: When deleting an account, the account must be completely empty (use 'PIP (P,PN)/ZE), Otherwise the error message '?Account in use..' Will result. Proj,Prog? This is where you enter the Project-Programmer number of the account, you wish to create (or delete), it must be two numbers between 1, and 255 (inclusivley), seperated by a comma. (Ie. 1,33 - 50,50 - 2,20 - Etc..) If you are deleting an account, it should be the PPN of the account you wish to delete. Password? This is where you enter the password you want assigned to tha account, enter the password in the format: "XXXXXX" where "XXXXXX" = 1 to 6 upper case letters, or numbers, or a combination of both.. (Ie. LOD1, 1234, A1B2C, etc..) NOTE: Some versions of REACT will respond with 'Disk:password?', Allowing you to specify which disk you want the account to be created on, and it's password. In either case, just enter the password, and ignore the disk qualifier, since you can only log into accounts that reside on the system (SY:) disk, it's for the most part useless to create an Account on say 'DB1:', unless you wish to use it for storage purposes only. If you have reason to create an account on any other disk than the system disk, you would use the format: "Disk:password? DB1:PASSWD". To access this account, you will either Have to be in a privleged account (thus allowing you access to any other account on the system, or be logged into a 'mirror' account on the system disk, for example, say you created an account DB1:(40,40), to acess this, would have to be logged into account SY:(40,40), to modify anything in the account DB1:(40,40). In any case, if you recieve the 'Disk:password? Prompt, and wish to create an account on the system disk, (one that you can actually log into, just enter the password you have selected. Quota? This is where you set the maximum size of disk space (in blocks) That the account can have. It can be from 0 to 32767, (inclusivly). Selecting a Quota size of '0' (zero), gives the account unlimited space. Cluster size? This must match the clustersize of the system disk, it can be 4,8, or 16, (16 being the most common), you can find the system clustersize by using the 'SYSTAT' command, or if that is unavailable, use trial and error, if the clustersize you enter at this point does not correspond with the system cluster size, an error message will result, so just try tne next size up until it matches. Account name? This is a symbolic 'Account name', that is basically not used anywhere except in the file '$ACCT.SYS' (which will be discussed in detail later), you can give it any name you want, for the above example I used the name 'LOD USERS', in reality I would probably just hit <c/r> at this question, thus giving it no name. If the above questions were answered with valid responses, REACT would now create the specified account (1-6 seconds, depending on the system performance) And a description of the account (PPN, Disk, Password, etc.. ), Will be entered into the file '$ACCT.SYS'. NOTE: When using the 'D - Delete' command, you will be asked only the following FUNCTION? D PROJ,PROG? 30,30 DISK? SY: 'D' being the 'DELETE' specification, "30,30" being the account you wish to delete, and "SY:" being the disk that account (30,30) currently exists on. If the account was empty, REACT would remove this account. (Although refrence to the account, will still exist in the file '$ACCT.SYS') In both cases (after the account has been Created, or Deleted), REACT will return to: "Proj,Prog?", If you have additional accounts to Create, or Delete, you can enter them now, if you are done, hit "^Z" (control Z) to exit. 2) DESCRIPTION OF THE SYSTEM ACCOUNT FILE ($ACCT.SYS). The file '(1,2)ACCT.SYS', is the System Account file. It is a file that contains descriptions of the accounts that are on the system, such as the Account Name, it's Password, etc.. Contrary to popular beleif, it is -NOT- where RSTS/E looks to find the Password & other information, when a Person is logging in. It is simply a symbolic file, used by the System Manager to help keep track of what accounts are being used. It is a standard ASCII file, that is opened in 'APPEND' mode when REACT is used to create a file. It is quite useful for obtaining other accounts, especially if you are a Non-Privleged user, and have found a program on the system that will allow you to dump files anywhere (such as some versions of $RPGDMP.TSK) You would simply dump this file, it should look something like this: 1, 1,SY:DEMO ,0,16,SYSM 0, 1,SY:SYSPAK,0,16 1, 2,SY:DEMO ,0,16,SYSTEM LIBRARY 1, 3,SY:AUXLIB,0,16,AUXILLIARY LIBRARY 30,10,DB1:TEMP ,0,16,TEMPORARY STORAGE 50,10,SY:KEVIN ,1000,16,KEVIN'S ACCOUNT ETC.. Column 1 - is the account # (PPN) 2 - the disk the account resides on, and the account's password. 3 - Is the the accounts Quota (see above) 4 - the accounts Clustersize. 5 - The account's Symbolic name. 1, 1 - Tells you that this is the description of account (1,1). SY:DEMO - tells you that the password to account (1,1) is 'DEMO', and that it resides on the system (SY:) disk, thus you can actually log into it. 0 - Say's that the the Quota for account (1,1) is '0' (unlimited) 16 - The Clustersize for account (1,1) is 16. SYSM - is the symbolic name for account (1,1), this is the only place I have actually seen the 'Symbolic Name' actually refrenced to. It has no other use than to help the System Manager determine what purpose the account serves (while looking through $ACCT.SYS), it is most often used in school systems, where the Student's name, who is the owner of said account, would be used for it's symbolic name. MISC NOTES ABOUT REACT & $ACCT.SYS - As I said above, every time an account is created using 'REACT', an entry is made into $ACCT.SYS. When an account is deleted though, REACT -DOES NOT- Remove the entry from ACCT.SYS, so if you were to make 10 accounts then remove them, refrence to them would STILL exist in ACCT.SYS, Which would Immediatly raise the suspicion of even the most naieve System Manager next time He took a look into ACCT.SYS. Fortunatly the file $ACCT.SYS, is a standard ASCII file, so you can use any text editor available on the system to actually Remove the entries in it. Simply 'TECO $ACCT.SYS', and search for the account's and delete the entire line. NOTE 1 - I would also advise editing $ACCT.SYS, after you create -ANY- account (Ones that you wish to be permanent), this makes your account a little less obvious, and unless a System Manager either sees you on the system or happens to do a "DIR (*,*)" and by luck notices it. He will not find refrence to it in $ACCT.SYS. NOTE 2 - The information in $ACCT.SYS is NOT alway's 100% accurate, for example if the password to an account is changed (with UTILTY, or a custom program - to be discussed in a future volume), this DOES NOT update the information in $ACCT.SYS. This is especially common in schools Where the students are assigned a standard password, and encouraged to change it as soon as possible. Fortunatly though, the privleged accounts's are not changed as often, and you can usually come up with at the worst, one privleged account/password, and use the program "(1,2)MONEY", or a small user written program to find every password on the System. Here is a small program that will display the password for any account, given The PPN (accout number). It does of course, require privleges to run. 1 ! LOGPAS - V1.0-00 2 ! AUTHOR - THE MARAUDER 3 ! COPYRIGHT (C) - 1985,86,87 - LOH COMMUNICATIONS. 4 ! 5 EXTEND 10 ON ERROR GOTO 500 20 DIM M%(30%) : DIM T%(30%) 30 INPUT 'ACCOUNT NUMBER (P,PN) ';PROJ%,PROG% 40 M%(I%)=0% FOR I% = 1% TO 30% 45 T%(I%)=0% FOR I% = 1% TO 30% 50 M%(0%) = 9% 55 M%(1%) = 6% 60 M%(2%) = 14% 65 M%(7%) = PROG% 79 M%(8%) = PROJ% 80 CHANGE M% TO M$ 85 T$ = SYS(M$) 90 CHANGE T$ TO T% 95 PSW$ = RAD$(T%(9%)+SWAP%((T%(10%)))+RAD$(T%(11%)+SWAP%(T%(12%))) 100 PRINT 'PASSWORD = ';PSW$ 110 GOTO 30 500 PRINT 'INVALID ACCOUNT NUMBER - ';PROJ;',';PROG 32766 NO EXTEND 32767 END To use this program, simply type it in at the RSTS/E BASIC parser (at 'Ready'), or upload (as an ASCII file, the above program, directly to the RSTS/E BASIC parser. And type 'RUN', it will ask you for an account (PROJ,PROG?), enter the account you want the password for, and it will be printed out. Use ^C (control C) to exit from the program. That's about it for this issue, until the next volume, Dial with care... The Marauder ------------------------------------------------------------------------------- This Document, is the property of the Legion of Hackers as a whole. Sysops are free to use it, as long as nothing is changed. Any questions, comments, or corrections, can be made directly to me, at my BBS, The Twilight Zone, or to any member of the Legion of Hackers. ===============================================================================