_______________________________________________________________________________

                  INTRODUCTION TO THE PRIMOS OPERATING SYSTEM
                Part V (Languages and Advanced PRIMOS Material)

                              Written by Violence
                      Copyright (C) 1989 The VOID Hackers
_______________________________________________________________________________

Welcome to the fifth and final part of my series on the PRIMOS operating
system. In this last installment, I will cover many of the aspects of PRIMOS
that I have overlooked, including:

     o  Program Types and Execution (Languages)
     o  All about Access Control Lists (Setting and Editing)
     o  Abbreviation files (use and investigation thereof)
     o  The physical system console of a Prime computer system
     o  The ACL's and Read/Write Locks Used to Protect the SAD
     o  Hacking older (outdated) revisions of PRIMOS
     o  Some useful CPL utilities that enhance PRIMOS
     o  References and Acknowledgements
     o  Epilog - The End of a Series

As you can see, part V is the "throw-together, finish-it-up" installment. Here
I will cover everything that I failed to cover in the previous parts. You
should by now have a fairly good working knowledge of PRIMOS. I hope this last
installment will make all you eager PRIMOS hackers happy. Enjoy!
_______________________________________________________________________________

PROGRAM TYPES AND EXECUTION

From the file extension listing in Part I you can see that there are many
different types of programs, each with their own file extension. How can you
look at and execute these programs? Well, that's what this section is all
about.

To start off, let's talk about CPL programs. CPL is Prime's "Command Procedure
Language" and, like VAX/VMS's DCL, is an interpreted language for performing
rudimentary tasks. This is not to say that it is unable to perform complicated
tasks, for it most certainly can. Most commonly a user's LOGIN file will be a
CPL program (usually called CPL's). CPL programs are SAM type files and can be
SLISTed as usual.

There are several methods for executing a CPL program. In these examples, I
will assume the file is called VOID.CPL. Here are the examples:

        OK, cpl void
        OK, r void.cpl

The first example illustrates use of the CPL command. When CPL'ing a program,
you need not include the ".CPL" file extension, but you can if you want to. In
the second example we see the R command. R is not really the command name, but
the command's abbreviation. The full command name is RESUME. RESUME requires
that you include the file extension along with the filename. Should a CPL
program be located in the CMDNC0 directory, then you can execute it by simply
entering its name. An example would be:

        OK, void

That would execute the VOID.CPL program located in CMDNC0. In fact, any file
located in CMDNC0 can be executed by simply typing its name. You can, of
course, append the file extension, but that is not necessary.

CPL is a rather rich language and you can write many utilities with it.
Everything from a utility to perform mediocre tasks to a full-fledged BBS/Chat
program. CPL is really beyond a simple scripting language. One thing Prime
should consider is adding some new commands to CPL and writing a compiler
subsystem for it. Tough work, yes, but the benefits would easily outweigh the
problems involved (at least from my viewpoint). Until then, interpreted CPL is
quite OK though. It's fast enough.

It is beyond the scope of this series to provide instructions on programming
in CPL, but there are already some files floating around regarding it. The
file in TCSB #1 (by Necrovore) lists all the CPL commands but is not very
helpful in the examples department. With enough reader-response I might sit
down and pound out a good CPL tutorial. On with the show...

BAS files cannot be executed, as they are BASIC source code. You will want to
compile the source and then execute the compiled code. To enter the BASIC
subsystem you enter BASIC at the command line.
Like this:

        OK, basic

If the Prime you are on has BASIC/VM (called BASICV) available then I suggest
that you use it, as, unlike standard BASIC, BASIC/VM is virtual in nature,
making the machine's memory appear to be a hell of a lot larger than it really
is. To invoke BASIC/VM, you would type (at the command line):

        OK, basicv

Either way, you should get the ">" prompt. At this point, you need to load in
the BAS file and compile it. All of the following examples assume that you are
using BASIC/VM, as it is a lot more recent in nature. BASIC commands are very
similar to BASIC/VM commands. On with the show.

In the following examples I will show you what it would look like if you were
to invoke BASIC/VM, load in a BAS program called VOID.BAS, compile it, and
quit.

        OK, basicv
        [BASICV Rev. 22.0.0 Copyright (c) 1988, Prime Computer, Inc.]
        [Serial #serial_number (company_name)]
        >n void.bas
        >list
        10 ! This is a sample BASIC/VM program
        15 ! Written by Violence (C) 1989 VOID
        20 !
        25 PRINT '[BASIC/VM EXAMPLE Rev. 22.0]'
        30 !
        35 ! That revision level is a joke. Heh.
        40 !
        45 INPUT LINE 'Enter some text,' A$
        50 PRINT
        55 PRINT A$,LIN 1
        60 END
        >comp void.bin
        >q
        OK,

The 'n' command stands for NEW (either N filename or NEW filename will work).
It is saying to BASIC/VM that the new filename is to be VOID.BAS. BASIC/VM
loads VOID.BAS into the workspace. The LIST command should be obvious. The
COMP command is the abbreviation for COMPILE. It takes the source code, checks
it for errors, and compiles and links it into a binary file. This file can be
executed by using the RESUME command, as illustrated:

        OK, R VOID.BIN

BASIC source code, as well as other types of source code (CBL, FTN, F77, etc.)
will not compile if it contains errors.

To enter one of the other available compilers you must enter the name of the
language compiler.
Available compilers consist of the following:

      * BASIC     Prime BASIC compiler
      * BASICV    Virtual memory BASIC compiler
      * COBOL     COBOL compiler
        DBASIC    Interpreted BASIC with double-precision arithmetic
      * F77       Compiles FORTRAN 77 or FORTRAN IV code
      * FTN       Compiles FORTRAN IV code
      * NCOBOL    Non-shared (non-virtual) COBOL compiler
      * PL1G      Compiles PL/1, subset G code
      * PMA       Assembles Prime Macro Assembler code
        RPG       Compiles an RPG II program (non-virtual)
        SPL       Compiles an SPL program
        VRPG      Compiles an RPG II program (virtual)

Language systems commonly found on Primes are denoted with an asterisk (*).

Generally, to execute compiled source code, use the RESUME (R) command. If the
program is located in CMDNC0, just issue the filename (less the file
extension) to execute it.

Use SLIST to view source code. Most always, source code will have a file
extension denoting the language type. If a source code file does not have an
extension then SLIST it. Lots of times a source file will tell you what
language it was coded in in its comment header.

I am not going to go into the other languages as many hackers are not familiar
with high level languages such as FORTRAN IV, FORTRAN-77, PL/1 Subset G, etc.
Quite a few are, but not as many as one would think. The information I have
presented on CPL and BASIC/VM is enough to get you on your way, and besides,
there are other means of learning these languages:

        (a) Looking at source code files and learning
        (b) Purchasing language manuals from Prime Computer, Inc.

(A) is easy to do. Just look for files with the extensions '.FTN', '.BAS',
'.PLP', '.PL1', '.PMA' and so forth. Remember, '.SAVE' and '.BIN' are compiled
code and not source.

(B) may not seem like a good or easy option, but it's not so bad at all! Prime
Computer, Inc. will sell you manuals for these languages for about $20 to $25
a piece. Not so bad when you consider most manuals cost even more.
Just call up Prime Computer, Inc.'s Telemarketing Department and request info
or buy them right then and there. Should they ask why you want manuals, tell
them you are a freelance Prime programmer. They love that one. Here's the
address, etc:

        Software Distribution
        PRIME COMPUTER, INC.
        1 New York Ave.
        Framingham, MA 01701
        (617) 879-2960 ext 2053, 2054
_______________________________________________________________________________

SETTING AND EDITING ACCESS CONTROL LISTS (ACL'S)

You have already learned how to check the ACL (Access Control List) protecting
a specified UFD and you also know what each of the access rights are and what
they mean. If you have forgotten any of these things then please refer to
Part II of this series.

First off I will explain ACL's and how they are set up. Then I will go into
the actual editing and creating of ACL's.

ACL's are stored in Access Categories (ACAT's) and can protect not only UFD's,
but also individual files. An ACL is a list of users and access rights for the
objects they cover. Each entry in an ACL governs who has what rights to a
particular filesystem object. Each entry in an ACL is an ordered pair, as is
illustrated by this structural example:

        identifier:rights

The two fields in an entry in an ACL must be separated by a colon (:). ACL's
may contain up to 32 pairs but may not be longer than 160 characters in
length, including blanks. An identifier is one of three types, a single user
ID (such as SYSTEM), a group identifier (like .PROJECT_ADMINISTRATORS$), or a
special identifier (like $REST meaning everyone else not specified in the
ACL).

Access categories are files that contain an ACL. ACAT's are used to protect a
set of files in a similar manner. A good example of ACAT usage is the SAD UFD
on a Prime computer (located off of MFD 0). SAD is protected in such a manner
that all of the files therein are protected similarly. Basically, ACAT's are
useful when protecting files in a UFD differently from one another.

Here is a sample ACL for a UFD called STEVE. I will be using this ACL for all
further examples used in this section.

        ACL protecting "<Current directory>":
                STEVE          ALL
                SYSTEM         ALL
                LOWERY         DALURW
                JOHNSON        DALURW
                $REST:         NONE

Notice that the owner of this UFD, STEVE, has ALL rights to his UFD. This is
obvious, of course. Also notice that SYSTEM has ALL rights also. This is
probably due to backup reasons, etc. STEVE has also given the users LOWERY and
JOHNSON DALURW access to his UFD. Possibly they are in the same department and
are working together on a project of some sort. The $REST identifier is a
wildcard indicating that no other system user has any access to STEVE's UFD.

Let's say that LOWERY no longer works on the project with STEVE and JOHNSON.
Therefore LOWERY's access to STEVE's UFD needs to be terminated. In addition,
JOHNSON needs P (Protect) access to STEVE's UFD. Lastly, STEVE wants to add
SIMPSON to his ACL (LOWERY's replacement, perhaps). To perform these changes,
STEVE must edit his UFD's ACL. To do this he will have to use the EDIT_ACCESS
command (abbreviated EDAC). Here is what he would type:

        OK, edac <user02>steve lowery: johnson:pdalurw simpson:dalurw

Sorry for the runover, but ACL related command lines are generally lengthy. It
should be easy for you to track the modifications presented in the above
example. Notice that STEVE did not list himself or SYSTEM. Why? Because he
wasn't making changes to them. When using EDAC you need only list all ACL
changes. The EDAC command will be useful for editing rights into other
people's ACL-protected UFD's (assuming you have access to do such).

STEVE's new ACL looks like this:

        ACL protecting: "<Current directory>":
                STEVE          ALL
                SYSTEM         ALL
                JOHNSON        PDALURW
                SIMPSON        DALURW
                $REST:         NONE

If you happen to create an account on a Prime computer you will want to
protect your UFD with an ACL. To do this you will want to use the SET_ACCESS
command (abbreviated SAC).
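
The identifier:rights pairs, the 32-pair / 160-character limits and STEVE's EDAC edit from the text above, modelled as an added Python example (not PRIMOS code and not from the original file). The function names, measuring the 160-character limit on the space-separated line, treating P as the right that permits ACL changes, and the review heuristics are assumptions made for illustration.

```python
# Added example (not PRIMOS code): models the identifier:rights pairs, the
# 32-pair / 160-character limits and the EDAC edit semantics from the text.
MAX_PAIRS = 32        # "ACL's may contain up to 32 pairs"
MAX_CHARS = 160       # "...not longer than 160 characters, including blanks"
LETTERS = "PDALURW"   # assumption: only the rights letters used in this article


def parse_entry(text):
    """Split one identifier:rights pair (PRIMOS upper-cases command text)."""
    ident, sep, rights = text.upper().partition(":")
    if not sep or not ident:
        raise ValueError(f"not an identifier:rights pair: {text!r}")
    if rights in ("ALL", "NONE", ""):      # "" = remove the entry (EDAC only)
        return ident, rights
    if set(rights) - set(LETTERS) or len(set(rights)) != len(rights):
        raise ValueError(f"bad rights {rights!r} for {ident}")
    # Canonical letter order, so PDALURW and WRULADP compare equal.
    return ident, "".join(c for c in LETTERS if c in rights)


def render(acl):
    """Render the ACL as one line and enforce both size limits."""
    line = " ".join(f"{ident}:{rights}" for ident, rights in acl.items())
    if len(acl) > MAX_PAIRS:
        raise ValueError(f"{len(acl)} pairs exceeds {MAX_PAIRS}")
    if len(line) > MAX_CHARS:
        raise ValueError(f"{len(line)} characters exceeds {MAX_CHARS}")
    return line


def edac(acl, edits):
    """EDAC-style edit: only the listed identifiers change."""
    new = dict(acl)
    for text in edits.split():
        ident, rights = parse_entry(text)
        if rights == "":
            new.pop(ident, None)           # "lowery:" drops LOWERY's entry
        else:
            new[ident] = rights
    render(new)                            # reject an edit that breaks a limit
    return new


def review(acl, owner):
    """Reviewer heuristics added for this example, not PRIMOS behaviour."""
    owner = owner.upper()
    findings = []
    if acl.get(owner) != "ALL":
        findings.append(f"owner {owner} lacks ALL (lock-out risk)")
    if acl.get("$REST", "NONE") != "NONE":
        findings.append(f"$REST grants {acl['$REST']} to all other users")
    for ident, rights in acl.items():
        if ident != owner and (rights == "ALL" or "P" in rights):
            findings.append(f"{ident} can change this ACL ({rights})")
    return findings


# STEVE's ACL from the article, before and after his EDAC command line.
BEFORE = edac({}, "steve:all system:all lowery:dalurw johnson:dalurw $rest:none")
AFTER = edac(BEFORE, "lowery: johnson:pdalurw simpson:dalurw")

if __name__ == "__main__":
    print(render(AFTER))
    for finding in review(AFTER, "steve"):
        print("REVIEW:", finding)
```

With long identifiers the 160-character limit is reached well before the 32-pair limit, which is why render() checks both.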

Let's go back in time to when the system administrator of STEVE's system
created his account. Also assume that the sys admin didn't create a default
ACL for STEVE. Here is what STEVE did to create his original ACL entry:

    OK, sac <user02>steve steve:all system:all lowery:dalurw johnson:dalurw $rest:none

Unlike EDAC, SAC requires you to list all ACL fields. Failure to list a field
will cause the field to have NONE as the access right.

EDAC and SAC will usually prompt you as to whether or not you really want to
make the specified changes, if you want to overwrite an existing ACL file, and
so forth. If you supply a -NO_QUERY argument to the end of the entry then you
will not be prompted at all. Abbreviate -NO_QUERY with -NQ. A good example is
SAC'ing an existing ACL to make wholesale modifications. To avoid the 'are you
sure' type prompt, type this (using our previous SAC example):

    OK, sac <user02>steve steve:all system:all lowery:dalurw johnson:dalurw $rest:none -nq

Remember, when SAC'ing and EDAC'ing ACL's include the full pathname of the ACL
file. And remember to include the owner as having ALL rights, as failure to do
so can lock you out of a UFD or other filesystem object.

Other access-related commands are LIST_ACCESS (abbreviated LA, detailed in
Part II of this series), RWLOCK, SET_DELETE, and PROTECT. Use Prime's online
'HELP' for descriptions of these commands.
_______________________________________________________________________________

PRIMOS ABBREVIATION FILES

While most PRIMOS commands are not long enough to be an inconvenience, it can
occasionally be irritating to type a command or command with arguments that
you commonly use. The solution? Abbreviations. PRIMOS fully supports
abbreviations.

Abbreviations are exactly what they sound like; shortened commands that
represent full commands. Some good examples that illustrate this are as
follows:

    (a) Say you like to use the -DETAIL argument of the LD command as opposed
        to the normal form of LD.
        Instead of having to type LD -DET all the time you can create an
        abbreviation called LF that will, when issued, tell PRIMOS to do an
        LD -DET.

    (b) Say you frequently issue the CLOSE ALL command. Wouldn't it be nicer
        to be able to type CA instead of CLOSE ALL all the time?

    (c) Say you create many temporary (T$xxxx) files and that you have to
        delete these files when done with your session. Instead of
        'hand-deleting' them before you logout, make an abbreviation called
        DT that PRIMOS interprets as DELETE T$@ -NQ.

Those three examples illustrate the usefulness of abbreviation files. Another
nice fact about abbreviation files is that people occasionally store passwords
to passworded UFD's (non-ACL) and NUA's to various and sundry systems on the
network. So inspecting peoples' abbreviation files is also good hacking
practice. In this section I will describe how to access, list, use, and create
abbreviation files.

Abbreviation files can be called from within a CPL program as well as used
during interactive sessions. Another important fact about abbreviation files
is that they can contain only normal commands and not subcommands. That is to
say, you can abbreviate any normal command line procedure, but you cannot make
an abbreviation to enter NETLINK, call an NUA, and THEN log you in.

The system administrator can turn abbreviation files on and off, thus some
installations will not be able to use abbreviation files.

First off let's learn how to look at and use existing abbreviation files
(ABBREV files). At the start of a session you must tell PRIMOS to 'turn on'
your abbreviation file. Usually a user's LOGIN.CPL or LOGIN.COMI file will do
this for you, but if you want to look inside another user's ABBREV file you
will need to know how to do this from the PRIMOS command line. Type:

        OK, abbrev pathname

where 'pathname' is the full pathname of the ABBREV file you wish to activate.
To see what is inside the ABBREV file, issue the following command:

        OK, abbrev -list

Very simple. To deactivate an ABBREV file, simply type:

        OK, abbrev -off

If you wish to turn the ABBREV file back on, type:

        OK, abbrev -on

If you have activated a new ABBREV file (with the 'ABBREV pathname' command)
then you will have to use the 'ABBREV pathname' command to turn the ABBREV
file on again. Note that logging off will automatically turn on an active
ABBREV file. Also note that you can only have one active ABBREV file at any
given time.

To create a brand new ABBREV file, you need to issue the following command:

        OK, abbrev newpathname -create

An example would be:

        OK, abbrev void -create
        OK,

Now you have an empty ABBREV file named VOID. Abbreviations consist of two
parts, a name and a value. Names can be up to 8 ASCII characters in length and
can contain any character except for spaces, single-quotes ('), commas (,),
greater-than symbols (>) and vertical bars (|). Also remember that PRIMOS
converts all command line text to UPPER CASE, so case is irrelevant in the
name.

NOTE: Do NOT start an abbreviation name with a hyphen (-). If you do then you
      will have to enclose the entire name in single-quotes (') whenever you
      issue the ABBREV command. For example, an abbreviation named -VOID can
      only be called if you type '-VOID' and so forth.

Values contain the ASCII text that the abbreviation name represents (ie, the
actual command line procedure). Values can contain all characters.

Now let's create a sample ABBREV file. Let's fill it up with some useful
abbreviations.
Type:

        OK, abbrev -add test cpl test
        OK, abbrev -add ca close all
        OK, abbrev -add lf ld -det
        OK, abbrev -list

        Abbreviation file: <USER02>TVH>VOID
        Abbreviations: 2

        TEST     cpl test
        CA       close all
        LF       ld -det

        OK,

Okay, here we have just created three abbreviations. These abbreviations will
now be interpreted as commands by the PRIMOS command line. Thus, typing:

        OK, test

will execute the CPL program called TEST (or TEST.CPL; recall that CPL does
not require you to enter the file extension). CA would act just like you had
typed CLOSE ALL, and so on. Be aware that an abbreviation file cannot contain
more than 200 abbreviations.

To delete an abbreviation file entry, type:

        OK, abbrev -delete abbrevname

Thus, to delete the TEST abbreviation, we would type:

        OK, abbrev -delete test

These are the basics of the abbreviation subsystem. There are more advanced
commands that I have not gone over due to space limitations. To obtain more
information on the abbreviation subsystem, type:

        OK, abbrev -help
_______________________________________________________________________________

THE PHYSICAL SYSTEM CONSOLE

The physical system console of a Prime computer has added power over any other
local or remote terminal. It is only from this one specific console that
several potent operator commands can be issued and invoked successfully.

A few of these console-specific commands will be boring to any hacker not into
system programming on a Prime. Some commands, however, will be rather useful.
About the most useful console command is the 'RESUS -ENABLE' command. As you
might recall from Part III, RESUS is the REmote System USer facility. That is
to say, when RESUS is enabled and you are logged into an administrator
account, you will actually be a virtual system console. This will allow all
console commands to be able to be used from any local or remote terminal. The
-ENABLE argument simply tells PRIMOS that you want to turn RESUS on.

Another useful console command is the user logoff command.
With this you will be able to logoff users other than yourself. This is not
advised.

Other useful commands are the log management commands. These will allow you to
make your presence on the system virtually unknown. Simply edit all logs, both
PRIMOS and NETWORK related, and kill all references to yourself.

There is much that you can do. For a full list of operator commands you will
have to invoke the online HELP facility by typing, you guessed it, HELP.
Without an argument, it should list all the PRIMOS commands. Just pick out
those that say 'Operator Command' beside them.

I'm not really going to continue with this topic as you will have a hard time
getting console capability unless you are on-site or the fools have RESUS
enabled and you are using a SYS1 priv'ed account. You don't need the logging
commands to edit the logs (just the SYS1 privs).

Lastly, there are ways of getting console that I will not discuss. I just want
you to know that there are additional methods available and that you should
work at finding them. It's the best way to really learn (besides, it's too
sensitive to release to the general hacker community).
_______________________________________________________________________________

THE ACL'S AND READ/WRITE LOCKS USED TO PROTECT THE SAD

It should prove both helpful and informative to know how the SAD (System
Administration Directory) is protected. The following 'map' displays the SAD
ACL's and their associated access rights.

        SAD - System Administrator Directory
                      |
                      |  (System Administrator: ALL)
                      |  (Login Server: ALL)
                      |  (Everyone Else: LU)
       _______________|________________________________________________
       |              |           |           |           |
      UVF            SDF         MGF         MPF         PD
(Sys Admin: ALL)  (DEFAULT)   (DEFAULT)   (PA.ACAT)   (PA.ACAT)       |
(Login Srv: LUR)                                                      |
(PA.ACAT: LURW)
       _______________________________________________________________|
       |              |           |           |           |
      MPP            PVF         PPPF        PDF        BACKUP
(Sys Admin: RW)   (DEFAULT)   (DEFAULT)   (DEFAULT) (Sys Admin: ALL)
(Login Srv: R)                                      (PA.ACAT: DALURW)
(PA.ACCR: R)

PA.ACAT = System_Administrator: RW
          .PROJECT_ADMINISTRATORS$: RW

SAD     = System Administration Directory
UVF     = User Validation File
SDF     = System
MGF     = Master Group File
MPF     = Master Project File
PD      = <not sure>
MPP     = Master Project Profile
PVF     = Project Validation File
PPPF    = <not sure>
PDF     = <not sure>
BACKUP  = Backup of PA.ACAT
PA.ACAT = Project Admin Access Cat
_______________________________________________________________________________

HACKING OLDER (OUTDATED) REVISIONS OF PRIMOS

I hadn't planned on covering any pre-19.x.x revisions of PRIMOS, but I thought
some of you avid network hackers might be interested to know the very basics
about these insecure revisions.

Revisions 18.x.x, 17.x.x and earlier will actually tell you whether or not a
given user ID is valid before asking you for a password. This makes it a
rather trivial task of determining whether or not a given account exists. In
my experiences early revisions of PRIMOS will be found only on obscure nets,
like those in Brazil and Japan. On these archaic revisions of PRIMOS you can
enter CTRL-C as the password of a valid account and automatically bypass the
front door password security. Very nice. You can barely find these ancient
revisions anymore.

These older revisions are not at all like the current revisions of PRIMOS. I
suggest reading the 'HACKING PRIMOS' article by Nanuk of the North if you plan
on penetrating these revisions, as his file was written in the days when
18.x.x was common.
Not really much more that I can say, as you'll probably never come across
these revisions and even if you do, the command structure they use is enough
to cause severe gastro-intestinal disorders.
_______________________________________________________________________________

SIMPLIFIED MEANS OF ATTACHING TO SUB-UFD'S

Sub-directories are great, but when you start going deeper than 2 levels on a
Prime it starts getting to be a pain. Full pathnames get to be depressing when
you are 6 or 7 levels deep. Enter the UP and DOWN external commands. Recall
that I mentioned these commands in Part II of this series. These externals are
found on most Primes, but there are a few that do not have them available.