💾 Archived View for gemini.spam.works › mirrors › textfiles › hacking › primos1.txt captured on 2021-12-04 at 18:04:22.

View Raw

More Information

-=-=-=-=-=-=-

_______________________________________________________________________________

                  INTRODUCTION TO THE PRIMOS OPERATING SYSTEM
                    Part I (Identification and Penetration)

                              Written by Violence
                      Copyright (C) 1989 The VOID Hackers
_______________________________________________________________________________


INTRODUCTION to This Series

This is the  first  in a  public-release series of articles dealing with  Prime
computers (both mini's and supermini's)  and their respective operating system,
PRIMOS.  PRIMOS is one of the several operating systems that the general hacker
community has avoided due to unfamiliarity.  In all actuality, PRIMOS is a very
user-friendly operating  system  and as such,  demands respect.  In this series
of articles  I will cover  everything that is important to the  aspiring PRIMOS
hacker.  In the syllabus are:

Part   Contents
----   ------------------------------------------------------------------------
   I   Identification, and penetration, PRIMOS command line, command types
  II   Making Your Stay Last Longer, Basic PRIMOS Commands, Internal Security
 III   Useful PRIMOS Applications
  IV   Prime Network Communications (PRIMENET and Associated Utilities)
   V   Language Interpreters and Compilers, Advanced PRIMOS Commands
----   ------------------------------------------------------------------------

That about covers it.  This series is largely  based on extensive on-hands use,
and all  the information provided  herein is guaranteed to be  100% accurate in
regards to  Revisions 19.xx through 22.xx of PRIMOS.  I do occasionally address
pre-revision 19.xx systems, but only in passing as they are extremely uncommon.
In addition,  all sample programs included  herein have been fully tested.  All
PRIMOS output samples were taken from a Revision 22.0.0 PRIMOS system.

I chose to write this series in a technical manner, but not like a typical AT&T
document (grin).  All in all,  this series does not equal or even come close to
the actual PRIMOS documentation, but since such documentation  is generally un-
available to the hacker community, I have tried my best to create a series that
proves  as an acceptible alternative.  Due to the high content of information I
have provided herein, you are advised to obtain all of the parts to this series
and dump them to  your printer.  Spend a day reading and comprehending them.  I
suggest that you read the entire series before beginning to hack at Primes.

NOTE IN CLOSING: I have opted to remain purposefully vague in some areas due to
                 potential abuse.  This seems to be the rage these days and I'm
                 sorry if that upsets you, but I have no wish to compromise any
                 of Prime Computer, Inc.'s trade secrets.

_______________________________________________________________________________

WHAT'S IN PART I?


There is so much to get started with that I wasn't able to get everything in to
Part I.  This makes the subsequent parts of this series vital to the comprehen-
sion of the information presented here.  There is tons more to cover, so I will
urge you some more to go ahead and get ALL of the other parts.  Inside this in-
stallment I shall cover:

        o  Conventions Used Throughout This Series
        o  System Identification
        o  Front-End Security and Penetration
        o  The PRIMOS Command Line
        o  A Discourse on PRIMOS Command Types
        o  How PRIMOS Interacts With Its Users

In  'Part II'  I will completely detail the typical internal security setup and
how to improve  your security,  as well as the many  internal snooping  tactics
that I use in my  day-to-day  Prime wanderings.  I will also  discuss the vital
PRIMOS commands that should be memorized.

_______________________________________________________________________________

CONVENTIONS USED THROUGHOUT THIS SERIES


As with any multi-part series, a set of standards is needed, otherwise the rea-
der may become confused.  In writing this series of articles,  I had to make an
important decision regarding the  conventions used within  command examples and
with the numerous hands-on examples scattered throughout the text.

All command references in this series will follow the conventions put forth in
the PRIMOS reference manuals and online help facilities.  Conventions follow:

WORDS-IN-UPPERCASE  identify  command words  or keywords and are  to be entered
literally.  All command abbreviations will be listed  following the actual full
command name.

Words-in-lowercase  identify arguments.  You substitute  the appropriate numer-
ical or text value.

Braces { } indicate a choice of arguments  and/or  keywords.  At least one must
be selected.

Brackets [ ] indicate that the word or argument enclosed is optional.

Hyphens - indicate a command line option and must be entered literally.

Parenthesis ( ) must be entered literally.

Ellipses ... indicate that the preceeding argument may be repeated.

Angle Brackets < > are used literally to separate the elements of a pathname.

options: The word 'options' indicates that  one or more keywords and/or argu-
ments can be given and that a list of options for the command follow.

All examples throughout this text will be indented '8' spaces so that they will
be easily identifiable.  All text typed  by the  user in these examples will be
completely  displayed in lowercase characters.  PRIMOS output will then be easy
to identify.

_______________________________________________________________________________

SYSTEM IDENTIFICATION


PRIMOS is  Prime's uniform  operating system for their  extensive line of mini-
and supermini computers.  If you have ever read some of the  articles detailing
the PRIMOS  operating system floating about,  then you may have a basic working
knowledge of PRIMOS and such.  I will be referencing  some of these articles in
this series occasionally (all references are listed in the "References" section
at the end of the last part of this series).

A few years back,  the Prime model 750 was all the rage.  No longer is that the
case, however.  Now days there are many  models of Primes and  corporations and
governments  (the two main Prime owner classes)  purchase the models  that best
suit their individual needs.  Thusly, you will find Prime 250's  (ancient)  and
750's (also ancient, but still in use) to Prime 4150's (a mid-range system) and
the huge Prime 9550's (high-end mini's).  On the high-end of this you will also
find  Prime MCXL's  (super-mini's)  and Prime workstation clusters.  As you can
see, the army of Primes is astoundingly large.

Equally large in number are the  revisions of PRIMOS  that they run.  About all
that you will see these days are Rev. 20.xx  and greater but you will,  on occ-
asion, find a revision  17.xx,  18.xx,  or 19.xx system.  About the only places
you will find 17.xx  and  18.xx systems are on foreign packet-switched networks
(PSN's) (like on Brazil's Interdata or Renpac networks and Japan's Venus-P/NTII
or DDX-P/KDD networks).  A scant few 18.xx and  19.xx systems are still operat-
ing in the  United States.  As said previously,  however,  you will most likely
find from Rev's 20.xx through 22.xx systems here (and in most other countries).

To understand how PRIMOS interfaces  with users you need to have a good working
grasp of  what the  standard  PRIMOS operating  system model looks like.  To do
this you need a decent abstract model.  Here:

Identifying a Prime mini- or supermini computer  is not very difficult.  Primes
generally behave in one of  two ways when connected to.  They either sit there,
echoing nothing to your screen or,  in the case of a  PRIMENET-equipped system,
display their PRIMENET nodename.

In the former case,  try this  simple test  upon connecting.  Type a few random
keystrokes followed by a RETURN and take note of what the  host system responds
with.  If it responds with a battery of error messages followed with the rather
distinctive 'ER!' prompt, then it is a Prime.  Here is an example:

        asdf
        Invalid command "ASDF". (processcommand)
        Login please.
        ER!

Any Prime that just sits there waiting for you to login is not running PRIMENET
and generally lacks inter-system communications capability.  On the other hand,
those systems that are equipped with PRIMENET jump right out and yell "Hey! I'm
a Prime!",  as they display their revision of PRIMOS  and their system nodename
upon connect.  Here is an example:

        PRIMENET 21.0.3 VOID

That's all there is to Prime system identification.  Like I said, it's a rather
trivial task.

_______________________________________________________________________________

FRONT-END SECURITY AND SYSTEM PENETRATION


Now that we have located a Prime,  how do we bypass  the front-end security and
get in?  Well, before I can begin to answer that question a little discourse on
the security itself is required.

The government has granted Primes a C2 security rating.  To give you an idea of
what that means, VAXen are also classed as C2 systems.  Hoewever,  that C2 rat-
ing sort of 'fluctuates' about.  External security should really be a bit high-
er, as Prime Computer,  Inc. tells their administrators to remove all defaults.
Not very nice, eh?  On the other hand,  internal security  is not so hot.  I'll
discuss internal security more fully in the next Part of this series.

The front door is similar to PRIMOS command level in that it utilizes the comm-
and line  (the prompting and I/O sub-systems). The only  command  which you can
enter at this level of operation is the LOGIN command.  There is no 'who' comm-
and available  to you prior  to system login.  As  Evil Jay  pointed out in 
his "Hacking PRIMOS" files  (volumes I-III),   there is no easy  way to get  
into a
Prime computer, as its front-door security is excellent.

At this point only one option lies available, unless, of course, you know some-
one on the inside  (grin).  This option is default accounts.  How nice of Prime
Computer,  Inc.  to install so many default accounts  at their factories.  As I
have said, however, they tell their administrators to remove these default acc-
ounts after  the system has  been installed.  Not a  few administrators fail to
remove these defaults,  however,  and that is good for us.  Also,  never forget
that Prime users are people and people like to use  easy-to-remember passwords.
But before I go any further, let me explain the LOGIN command in greater detail
(patience is a virtue, you know).

Typically you will type  'LOGIN'  and press RETURN.  You will then be requested
first for User ID and then your password.  Here's yet another example:

        login
        User id? user
        Password? <not echoed>
        Invalid user id or password; please try again.
        Login please.
        ER!

Well,  that sure didn't work.  Notice how  PRIMOS didn't echo your  password to
you.  The above example is from a non-PRIMENET Prime.  After this bad entry you
are probably still connected, so you can have another go at it.  A non-PRIMENET
system generally has a high bad-login threshold,  so you can make many attempts
per connect.  A PRIMENET system on the other hand is more of a bitch to hack as
it will disconnect you after the first incorrect login.  Here's another example
(assuming you are hacking a PRIMENET system from the TELENET X.25 network):

        @214XXX

        214 XXX CONNECTED
        PRIMENET 20.0.0 VOID
        login user
        Password? <not echoed>
        Invalid user id or password; please try again.

        214 XXX DISCONNECTED 00 00 00:00:00:08 9 7

As you can see, one chance is all you get with a PRIMENET system.  A minor note
is in order here regarding all the myriad of  X's in the above example.  I have
masked the last three digits of the system's NUA  (Network User Address), for I
do not wish all you eager PRIMOS hackers to start banging on my  system's front
door (grin).  I have also edited the system's nodename from its actual nodename
to a more appropriate one (grin).  I will continue to mask all system identifi-
cation from my examples.
 
So far you are accustomed  to typing in  'LOGIN'  and pressing  RETURN to start
logging in.  On all Primes you can nest the 'LOGIN' command and your User ID in
the same line, as is illustrated in the following example:

        login user
        Password? <not echoed>

And on a very few other Primes you can do a full LOGIN nest, as such:

        login user password

You might not wish to use  full-nesting capability when other hackers are lurk-
ing about, as they might decide to practice shoulder surfing (grin).

If a  User ID/password combination  (hereafter referred to as an 'account')  is
valid, you will recieve the following login herald from PRIMOS:

        USER (user 87) logged in Sunday, 22 Jan 89 16:15:40.
        Welcome to PRIMOS version 21.0.3
        Copyright (c) 1988, Prime Computer, Inc.
        Serial #serial_number (company_name)
        Last login Wednesday, 18 Jan 89 23:37:48.

'serial_number' and 'company_name' will be replaced by the actual serial number
and company name of the company that owns the Prime computer site.

Just one more small thing I need to cover about the  'LOGIN' command right now,
and that is login troubles.  Troubles?  You bet'cha.  The first  trouble occurs
when the account you login to exists and is valid, but it doesn't have an init-
ial ATTACH point (in other words,  you don't seem to have a  'home' directory).
This is no fun, since this account cannot be logged into.  Bah.  The other tro-
uble is remote user passwords.  This is definitely no fun.  The prompt for such
are generally different from one another, as they run both commercial and cust-
om written software to handle this.  When you come upon a remote password,  try
the User ID and, if that doesn't work, then try the system's nodename.  If both
of these attempts fail, you can either keep trying passwords (brute-force hack-
ing) or you can give it up and move onto the next account or system.  A popular
commercial front-end security package is  "LOGINSENTRY"  from Bramalea Software
Systems, Inc.  "LOGINSENTRY" is an excellent package,  so good luck when you go
up against it.  It supports  remote  passwords,  password  aging,  old-password
databasing, etc.

That's about all you need to know about the 'LOGIN' command right away.  In the
section on Prime Networking I will discuss the remote login feature (similar to
the UNIX 'rlogin' command).  For now, this will suffice.

Here is a listing of  default PRIMOS accounts along with  some other accounts I
find that work occasionally (i.e, more than just once):

NOTE: The '+' and '*' symbols are not parts of the User ID.


  User ID         Password                Comments
_______________________________________________________________________________

+ ADMIN           ADMIN, ADMINISTRATOR    Administrator account
+ CMDNC0          CMDNC0                  External command UFD maintenance

+ DIAG            DIAG                    Diagnostic account
+ FAM             FMA                     File Access Manager
+ GAMES           GAMES                   Games account (only on schools)

+ HELP            HELP                    Help subsystem account
+ INFO            INFO                    Information account
+ JCL             JCL                     Job Control Language account
+ LIB             LIB, LIBRARY            Library maintenance account
+ NETMAN          NETMAN                  Network controller account
+ NETPRIV         NETPRIV                 Network priv account
+ NEWS            NEWS                    News account
+ NONETPRIV       NONETPRIV               Network nopriv account

+ PR1ME           PR1ME                   Prime account
+ PRIMOS          PRIMOS                  Prime account
+ PRIMOS_CL       PRIMOS_CL               Prime account
+ REGIST          REGIST                  User registration account
+ RJE             RJE                     Remote Job Entry account
+ STUDENT         STUDENT, SCHOOL         Student account (only on schools)

+ TELENET         TELENET                 GTE TELENET account

+ TOOLS           TOOLS                   Tool maintenance account
_______________________________________________________________________________


Several of these  combinations will not work,  as they are initial system setup
accounts and the administrator, after setup, changes them or completely removes
them (Prime Computer, Inc. advises this).  I have denoted these accounts with a
'+' symbol.

The accounts marked by a '*' are the ones that I find work most commonly.  More
often than not they have good privileges (with exception to GUEST).

Notice SYSADM.  Say, isn't that a UNIX default?  Sure it is but I have found it
to work so many times that I just had to assume it was a default of some sort.

As for TELENET I have yet to see it work, but Carrier Culprit states in the LOD
Hacker's Technical Journal file on PRIMOS (LOD T/J Issue 2) that it works some-
times.

Lastly, unlike UNIX, the PRIMOS LOGIN subsystem is not case-dependant.  This is
good, as case dependancy gets boring at times.  User ID "system" is the same as
"SYSTEM".  PRIMOS maps all command line input to upper case prior to processing
it.  This is true for  logins  and  commands.  Although your  typing appears in
lower case, PRIMOS interprets it in upper case.  No big deal.  Just thought I'd
mention it.

All of this information is for  19.xx through 22.xx systems.  I do believe that
I will make an appendix for logging into revision 17.xx and 18.xx systems beca-
use you never know when you might find one.  And besides, once you have experi-
enced a revision 17.xx or 18.xx system you will love revisions  21.xx and 22.xx
that much more!

_______________________________________________________________________________

THE PRIMOS COMMAND LINE


Before I go on any further some discussion on the PRIMOS command line is in or-
der.  The command line is the agent that accepts your input and then transports
the input to the command processor (known affectionately as '(processcommand)')
for parsing.

The PRIMOS command line is interesting in the fact that it utilizes two prompts
in it's execution.  These prompts are 'OK,'  and 'ER!'.  There is no difference
in the two, save that the 'ER!' prompt is displayed only after you make a mist-
ake and are given an  error message.  After successful  execution of a command,
however, you will see the 'OK,' prompt again.  You can alter these prompts with
a special command, but I will save that for the section I have planned on cust-
omizing your environment.

Of all the most popular command lines (PRIMOS, UNIX, VAX/VMS) I like the PRIMOS
command line the most.  You can have separate commands on the same command line
(just separate them with a semicolon), and so forth.

No command (along with all options and arguments) can be longer than 160 char-
acters.  If you should enter a command line longer than 160 characters then it
will be rejected by the command processor and you will get the following error
message:

        Command line longer than 160 characters. (listen_)

The PRIMOS command line has several special features, and some of these are:

        o  User-defined abbreviations
        o  Command line syntax suppression
        o  Multiple commands on one line
        o  User-defined global variables
        o  PRIMOS command functions
        o  Command iteration
        o  Wildcard names
        o  Treewalk pathnames
        o  Name generation patterns

There will be full discourses on user-defined abbreviations and command func-
tions later in this series.

The PRIMOS command processor identifies these features by searching for special
characters entered in the  command line.  These special features,  in the order
that they are searched for, are given in the following table (this table repro-
duced from the Revision 19.xx Command Reference Manual, still pretty current in
this regard).

Be aware that user-defined functions are always processed first and use no spe-
cial characters of any sort.


FEATURE                 SPECIAL CHARACTER       COMMENTS
-------------------------------------------------------------------------------
Abbreviations                                   No special characters
Syntax suppressor                               In first position on line only
Command separator       ;
Global variables        % %
Functions               [ ]
Iteration               ( )
Treewalking             @,@@,+,^                In any intermediate position of
                                                pathname
Wildcarding             @,@@,+,^                In final position of pathname
Name generation         =,==,^=,^==,+
-------------------------------------------------------------------------------


When these  special characters are found,  the PRIMOS command processor substi-
tutes the value of the item for the item itself.  This is  'one-to-one' substi-
tution.

Iteration lists cause the command processor to create one command for each item
found or matched on the iteration lists.  In the case of  wildcard  or treewalk
names,  the user sets the  pattern and the command processor searches the spec-
ific directory or  directories for all  file system objects that  "match"  that
pattern.  These features can be thought of as creating "many-to-one" matches.

Name generation patterns can be used to create matching names either for simple
filenames or  for whatever  number of  filenames resulting  from a  wildcard or
treewalk name.

NOTE: All commands support all  the features listed above.  The general rule is
      as follows:  if a feature is not useful in  connection with a  particular
      command, then that command will not recognize it.

_______________________________________________________________________________

A DISCOURSE ON PRIMOS COMMAND TYPES


There are two kinds of PRIMOS commands,  internal and external.  Internal comm-
ands are built right inside of PRIMOS  (i.e, in the compiled programs that make
up PRIMOS).  External commands  are programs  located in the  CMDNC0 directory.
When an external command's filename is typed (the name of the command, less the
file extension) then the program is invoked.  Of course, you may add the file's
extension if you wish, as it will work, but that is defeating the purpose.

The reason for  internal  and  external commands  is twofold.  The PRIMOS files
(usually located in the DOS directory)  take up a lot of memory.  Not all Prime
systems have whopping loads of memory,  so Prime made sure that PRIMOS was able
to be executed flawlessly  (memory constraint-wise) on all system models.  Only
the MOST important commands were built inside of PRIMOS.  Less vital (yet still
vastly important) commands were made to be external commands.  Secondly,  diff-
erent sites have different needs.  Prime recognized this need and their command
structure allows for the easy customizing of PRIMOS commands (adding, changing,
removing, creating).  It's an ideal setup, really.

_______________________________________________________________________________

HOW PRIMOS INTERACTS WITH ITS USERS


To understand how PRIMOS interfaces  with users you need to have a good working
grasp of  what the  standard  PRIMOS operating  system model looks like.  To do
this you need a decent abstract model.  Here:

                      __    ________________________    __
                     |  |  |                        |  |  |
                     |  |  |    CMDNC0 Externals    |  |  |
                     |  |  |       __________       |  |  |
           Requests  |  |->|      |          |      |<-|  |  Requests
                     |  |  |      |  Kernel  |      |  |  |
            Replies  |  |<-|      |__________|      |->|  |  Replies
                     |  |  |                        |  |  |
                     |  |  |      Command Line      |  |  |
                     |__|  |________________________|  |__|

                     User                           Phantom
                     Processes                    Processes


As you can see,  PRIMOS is made up of  the kernel  (the heart of the  operating
system;  the command processor  and all of the  internal commands)  as well  as
the CMDNC0 externals (prograns; external commands)  and the PRIMOS command line
(what the user uses to interact with PRIMOS).

_______________________________________________________________________________


Well, I have come to the end of the first installment of five of the Introduct-
ion to the PRIMOS Operating System.  In the next part I will detail:

        o  Making Your Stay Last Longer
        o  Basic PRIMOS Commands to Memorize
        o  A Full Discourse on User-to-User Communication
        o  Internal PRIMOS Security
        o  Exploring the Vast Reaches of a Prime

Until then may the forces of darkness become confused on the way to your house.

_______________________________________________________________________________

      End of Part I of the "Introduction to the PRIMOS Operating System".
_______________________________________________________________________________