A Novice's Guide to Hacking


  • 8/3/2019 A Novice's Guide to Hacking


    This file is an addendum to "A Novice's Guide To Hacking" written by "The Mentor". The word "hacking" is here used the way the non-hacking public thinks it is used, to mean breaking into somebody else's computer. Its purpose is to expand and clarify the information about the TOPS-20 operating system, which runs on DECsystem-20 mainframes. The Mentor basically lumped this system in with TOPS-10 and didn't note important differences between the two. I will here reproduce in full what The Mentor had to say about TOPS-10 and about VMS, which are the parent and the offspring of TOPS-20.

    VMS- The VAX computer is made by Digital Equipment Corporation (DEC), and runs the VMS (Virtual Memory System) operating system. VMS is characterized by the 'Username:' prompt. It will not tell you if you've entered a valid username or not, and will disconnect you after three bad login attempts. It also keeps track of all failed login attempts and informs the owner of the account next time s/he logs in how many bad login attempts were made on the account. It is one of the most secure operating systems around from the outside, but once you're in there are many things that you can do to circumvent system security. The VAX also has the best set of help files in the world. Just type HELP and read to your heart's content.

    Common Accounts/Defaults: [username: password [[,password]] ]
    SYSTEM: OPERATOR or MANAGER or SYSTEM or SYSLIB
    OPERATOR: OPERATOR
    SYSTEST: UETP
    SYSMAINT: SYSMAINT or SERVICE or DIGITAL
    FIELD: FIELD or SERVICE
    GUEST: GUEST or unpassworded
    DEMO: DEMO or unpassworded
    DECNET: DECNET

    DEC-10- An earlier line of DEC computer equipment, running the TOPS-10 operating system. These machines are recognized by their '.' prompt. The DEC-10/20 series are remarkably hacker-friendly, allowing you to enter several important commands without ever logging into the system. Accounts are in the format [xxx,yyy] where xxx and yyy are integers. You can get a listing of the accounts and the process names of everyone on the system before logging in with the command .systat (for SYstem STATus). If you see an account that reads [234,1001] BOB JONES, it might be wise to try BOB or JONES or both for a password on this account. To login, you type .login xxx,yyy and then type the password when prompted for it. The system will allow you unlimited tries at an account, and does not keep records of bad login attempts. It will also inform you if the UIC you're trying (UIC = User Identification Code, 1,2 for example) is bad.

    Common Accounts/Defaults:
    1,2: SYSLIB or OPERATOR or MANAGER
    2,7: MAINTAIN
    5,30: GAMES
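The two login behaviours quoted above differ in exactly the properties that decide how well a login prompt resists password guessing: VMS answers the same way for an unknown username and a wrong password, disconnects after three bad attempts, and reports failed attempts to the account owner at the next login, while TOPS-10 does none of these. The following Python sketch of the VMS-style policy is an added example, not part of the original file; the names `LoginGate` and `session` and the account used with it are hypothetical.

```python
import hashlib
import hmac
import os

MAX_BAD_ATTEMPTS = 3  # from the text: disconnect after three bad login attempts

def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class LoginGate:
    """Hypothetical account store enforcing the VMS-style behaviour described above."""

    def __init__(self):
        self._accounts = {}   # username -> (salt, password hash)
        self._failures = {}   # username -> bad attempts since the last good login
        self._dummy = (os.urandom(16), os.urandom(32))  # checked for unknown users

    def add_account(self, username, password):
        salt = os.urandom(16)
        self._accounts[username] = (salt, _hash(password, salt))
        self._failures[username] = 0

    def check(self, username, password):
        """Return (ok, failures_to_report); unknown users cost the same work."""
        salt, stored = self._accounts.get(username, self._dummy)
        ok = hmac.compare_digest(_hash(password, salt), stored)
        ok = ok and username in self._accounts
        if not ok:
            if username in self._failures:
                self._failures[username] += 1  # recorded, unlike TOPS-10
            return False, 0
        reported, self._failures[username] = self._failures[username], 0
        return True, reported

def session(gate, attempts):
    """Run one connection over a list of (username, password) tries."""
    transcript, bad = [], 0
    for user, pw in attempts:
        ok, reported = gate.check(user, pw)
        if ok:
            transcript.append(f"WELCOME: {reported} failed attempts since last login")
            return transcript
        bad += 1
        transcript.append("LOGIN FAILED")  # same reply for bad user and bad password
        if bad == MAX_BAD_ATTEMPTS:
            transcript.append("DISCONNECTED")
            break
    return transcript
```

The failure counter is per account while the three-attempt limit is per connection, so guesses spread over many connections still show up in the count reported to the owner.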

    **** note: I'm remembering this stuff from several years ago, and in some cases my memory may be foggy or stuff may be outdated.

    TOPS-20, once you are inside, resembles VMS much more than it resembles TOPS-10, as far as I know (I'm not really familiar with VMS). From the outside, it's more like TOPS-10, except that the prompt is a @ instead of a period. You can enter many commands without logging in, including SYSTAT and probably FINGER. (Sometimes you can even use the mail program without logging in.) It is very helpful. Not only does the command HELP lead to lots of useful information, but anywhere in typing a command you can press ? and it will tell you what the format of the command expects. For instance, if you type ? by itself, it will tell you all the words that a command can begin with. If you type S?, it will tell you all the commands that start with the letter S. If you type SYSTAT ?, it will tell you the options available on the systat command. You can use this at any point in any command. Furthermore, if there is only one possibility (you have typed a unique abbreviation), you can press Escape and it will finish the word for you. I'm not sure, but I think TOPS-20 was the system that first introduced filename completion as well -- turning a uniquely abbreviated filename into


    elittle defense here. But you might not know how much defense until too late.

    Do try the GUEST username.

    But TOPS-20 can be very vulnerable to trojan horses. See, there's this thing called the Wheel bit. A username that has the Wheel property can do anything the system operator can do, such as ignore file protection masks, edit the disks at the track/sector level, change any area of memory... On Unix, only one user, the superuser, can read and write protected files. On TOPS-20, any user can do these things from any terminal, if the Wheel attribute is set in his user data. Some campus computers tend to accumulate excess trusted users with wheel bits, and have to periodically prune away the unnecessary ones.

    The thing is that a wheel can do these things without knowing that he has done them. Normally the privileged commands are deactivated. But a program run by a wheel can activate the privileges, do anything it wants, cover its tracks, and deactivate them without the user ever being the wiser. So if you can get any wheel user to run any program you wrote, such as a game or small utility... there's no limit to what you can do. In particular, you can create a new username, and make it a wheel. Or you can simply ask the system outright for someone's password, if I'm not mistaken. (All this requires access to TOPS-20 programming manuals, but some of the necessary material should be available on line.) You cannot actually conceal this creation, as far as I know... but maybe with sophisticated enough knowledge you could make it not immediately apparent... Anyway, once you get that far in, you can probably keep one step ahead of them for a while... If they erase your new accounts, you can use the passwords to old ones... They can change all of the wheel passwords, but a lot of the regular users won't change for some time... You could even lock the operators out of their own system by changing all their passwords for them, if you were crazy enough, perhaps forcing them to shut the machine down to regain control of it. They might even have to restore stuff from tape backup.

    Even if you don't wedge your way into secret stuff, a TOPS-20 system can be fun to explore. It's much more novice-friendly than most systems, and much more hacker-friendly as well. I think the ascendency of Unix as the least-common-denominator OS that everybody can agree on is a definite loss, compared to TOPS-20.