💾 Archived View for gemini.spam.works › mirrors › textfiles › hacking › VMS › vax.txt captured on 2022-06-12 at 08:53:37.
-=-=-=-=-=-=-
Extract from COMPUTER FRAUD & SECURITY BULLETIN This information was intended for the computer security industry to show system managers what they are up against regarding HACKING. HACKING VAX'S VMS. INTRODUCTION. The VAX is made by DEC(Digital Equipment Corp) and can run a variety of operating systems In this file,I will talk about the VMS(Virtual Memory Operating System),VMS also runs on the PDP-11, both mainframes are 32 bit machines with 32 bit virtual address space. ENTRANCE: When you first connect with a VAX you type either a return,a ctrl-c,or a ctrl-y It will then respond with something similar to: LOD RECURSIVE SYSTEMS INC VMS V4.0 Username: Password: The most frequent way of gaining access to a computer is by using a 'default' login/password. In this example you may try L as the user name and RECURSIVE as the password or a combination of words in the opening banner (if there is one) which may allow you access,otherwise you will have to try the DEFAULT METHOD of entry.The version listed above (V4.0)is the latest version to my knowledge of VMS. The more widely used version that I have seen is V3.7. When DEC sells a VAX/VMS,the system comes equipped with 4 accounts which are: DEFAULT This serves as a template in creating user records in the UAF (User Authorization File).A new user record is assigned the values of the DEFAULT record except where the system manager changes those values. The DEFAULT record can be modified but cannot be deleted from the UAF. SYSTEM Provides a means for the system manager to log in with full priviliges. The SYSTEM record can be modified but cannot be deleted from the UAF. FIELD Permits DIGITAL field service personnel to check out a new system.The FIELD record can be deleted once the system is installed. SYSTEST Provides an appropriate environment for running the User Environment Test Package (UETP). The SYSTEST record can be deleted once the system is installed. Usually the SYSTEM MANAGER adds,deletes,and modifies these records which are in the UAF when the system arrives, thus, eliminating the default passwords, but this is not true in all cases. The default passwords that I have found to get me into a system are: Username: Password: SYSTEM MANAGER or OPERATOR FIELD SERVICE or TEST DEFAULT USER or DEFAULT SYSTEST UETP or SYSTEST Other typical VMS accounts are: VAX VMS DCL DEMO TEST HELP NEWS GUEST GAMES DECNET Or a combination of the various usernames and passwords. If none of these get you in,then you should move on to the next system unless you have a way to get usernames/passwords, like from trashing, stealing passwords directly,or by some other means. YOUR IN! You will know that you are in by receiving the prompt of a dollar sign '