_______________________________________________________________________________

                 INTRODUCTION TO THE PRIMOS OPERATING SYSTEM
                   Part I (Identification and Penetration)

                             Written by Violence
                    Copyright (C) 1989 The VOID Hackers
_______________________________________________________________________________

INTRODUCTION to This Series

This is the first in a public-release series of articles dealing with Prime
computers (both mini's and supermini's) and their respective operating system,
PRIMOS. PRIMOS is one of the several operating systems that the general hacker
community has avoided due to unfamiliarity. In all actuality, PRIMOS is a very
user-friendly operating system and as such, demands respect. In this series of
articles I will cover everything that is important to the aspiring PRIMOS
hacker.

In the syllabus are:

Part  Contents
----  ------------------------------------------------------------------------
I     Identification and penetration, PRIMOS command line, command types
II    Making Your Stay Last Longer, Basic PRIMOS Commands, Internal Security
III   Useful PRIMOS Applications
IV    Prime Network Communications (PRIMENET and Associated Utilities)
V     Language Interpreters and Compilers, Advanced PRIMOS Commands
----  ------------------------------------------------------------------------

That about covers it. This series is largely based on extensive hands-on use,
and all the information provided herein is guaranteed to be 100% accurate in
regards to Revisions 19.xx through 22.xx of PRIMOS. I do occasionally address
pre-revision 19.xx systems, but only in passing as they are extremely uncommon.
In addition, all sample programs included herein have been fully tested. All
PRIMOS output samples were taken from a Revision 22.0.0 PRIMOS system.

I chose to write this series in a technical manner, but not like a typical AT&T
document (grin).
All in all, this series does not equal or even come close to the actual PRIMOS
documentation, but since such documentation is generally unavailable to the
hacker community, I have tried my best to create a series that proves as an
acceptable alternative.

Due to the high content of information I have provided herein, you are advised
to obtain all of the parts to this series and dump them to your printer. Spend
a day reading and comprehending them. I suggest that you read the entire series
before beginning to hack at Primes.

NOTE IN CLOSING: I have opted to remain purposefully vague in some areas due to
potential abuse. This seems to be the rage these days and I'm sorry if that
upsets you, but I have no wish to compromise any of Prime Computer, Inc.'s
trade secrets.
_______________________________________________________________________________

WHAT'S IN PART I?

There is so much to get started with that I wasn't able to get everything in to
Part I. This makes the subsequent parts of this series vital to the
comprehension of the information presented here. There is tons more to cover,
so I will urge you some more to go ahead and get ALL of the other parts. Inside
this installment I shall cover:

        o  Conventions Used Throughout This Series
        o  System Identification
        o  Front-End Security and Penetration
        o  The PRIMOS Command Line
        o  A Discourse on PRIMOS Command Types
        o  How PRIMOS Interacts With Its Users

In 'Part II' I will completely detail the typical internal security setup and
how to improve your security, as well as the many internal snooping tactics
that I use in my day-to-day Prime wanderings. I will also discuss the vital
PRIMOS commands that should be memorized.
_______________________________________________________________________________

CONVENTIONS USED THROUGHOUT THIS SERIES

As with any multi-part series, a set of standards is needed, otherwise the
reader may become confused.
In writing this series of articles, I had to make an important decision
regarding the conventions used within command examples and with the numerous
hands-on examples scattered throughout the text.

All command references in this series will follow the conventions put forth in
the PRIMOS reference manuals and online help facilities. Conventions follow:

WORDS-IN-UPPERCASE identify command words or keywords and are to be entered
literally. All command abbreviations will be listed following the actual full
command name.

Words-in-lowercase identify arguments. You substitute the appropriate numerical
or text value.

Braces { } indicate a choice of arguments and/or keywords. At least one must be
selected.

Brackets [ ] indicate that the word or argument enclosed is optional.

Hyphens - indicate a command line option and must be entered literally.

Parentheses ( ) must be entered literally.

Ellipses ... indicate that the preceding argument may be repeated.

Angle Brackets < > are used literally to separate the elements of a pathname.

options: The word 'options' indicates that one or more keywords and/or
arguments can be given and that a list of options for the command follow.

All examples throughout this text will be indented '8' spaces so that they will
be easily identifiable. All text typed by the user in these examples will be
completely displayed in lowercase characters. PRIMOS output will then be easy
to identify.
_______________________________________________________________________________

SYSTEM IDENTIFICATION

PRIMOS is Prime's uniform operating system for their extensive line of mini-
and supermini computers. If you have ever read some of the articles detailing
the PRIMOS operating system floating about, then you may have a basic working
knowledge of PRIMOS and such. I will be referencing some of these articles in
this series occasionally (all references are listed in the "References" section
at the end of the last part of this series).

A few years back, the Prime model 750 was all the rage. No longer is that the
case, however. Nowadays there are many models of Primes and corporations and
governments (the two main Prime owner classes) purchase the models that best
suit their individual needs. Thusly, you will find Prime 250's (ancient) and
750's (also ancient, but still in use) to Prime 4150's (a mid-range system) and
the huge Prime 9550's (high-end mini's). On the high-end of this you will also
find Prime MCXL's (super-mini's) and Prime workstation clusters. As you can
see, the army of Primes is astoundingly large.

Equally large in number are the revisions of PRIMOS that they run. About all
that you will see these days are Rev. 20.xx and greater but you will, on
occasion, find a revision 17.xx, 18.xx, or 19.xx system. About the only places
you will find 17.xx and 18.xx systems are on foreign packet-switched networks
(PSN's) (like on Brazil's Interdata or Renpac networks and Japan's Venus-P/NTII
or DDX-P/KDD networks). A scant few 18.xx and 19.xx systems are still operating
in the United States. As said previously, however, you will most likely find
from Rev's 20.xx through 22.xx systems here (and in most other countries).

To understand how PRIMOS interfaces with users you need to have a good working
grasp of what the standard PRIMOS operating system model looks like. To do this
you need a decent abstract model. Here:

Identifying a Prime mini- or supermini computer is not very difficult. Primes
generally behave in one of two ways when connected to. They either sit there,
echoing nothing to your screen or, in the case of a PRIMENET-equipped system,
display their PRIMENET nodename.

In the former case, try this simple test upon connecting. Type a few random
keystrokes followed by a RETURN and take note of what the host system responds
with. If it responds with a battery of error messages followed with the rather
distinctive 'ER!' prompt, then it is a Prime.
Here is an example:

        asdf
        Invalid command "ASDF". (processcommand)
        Login please.
        ER!

Any Prime that just sits there waiting for you to login is not running PRIMENET
and generally lacks inter-system communications capability. On the other hand,
those systems that are equipped with PRIMENET jump right out and yell "Hey! I'm
a Prime!", as they display their revision of PRIMOS and their system nodename
upon connect. Here is an example:

        PRIMENET 21.0.3 VOID

That's all there is to Prime system identification. Like I said, it's a rather
trivial task.
_______________________________________________________________________________

FRONT-END SECURITY AND SYSTEM PENETRATION

Now that we have located a Prime, how do we bypass the front-end security and
get in? Well, before I can begin to answer that question a little discourse on
the security itself is required.

The government has granted Primes a C2 security rating. To give you an idea of
what that means, VAXen are also classed as C2 systems. However, that C2 rating
sort of 'fluctuates' about. External security should really be a bit higher, as
Prime Computer, Inc. tells their administrators to remove all defaults. Not
very nice, eh? On the other hand, internal security is not so hot. I'll discuss
internal security more fully in the next Part of this series.

The front door is similar to PRIMOS command level in that it utilizes the
command line (the prompting and I/O sub-systems). The only command which you
can enter at this level of operation is the LOGIN command. There is no 'who'
command available to you prior to system login. As Evil Jay pointed out in his
"Hacking PRIMOS" files (volumes I-III), there is no easy way to get into a
Prime computer, as its front-door security is excellent.

At this point only one option lies available, unless, of course, you know
someone on the inside (grin). This option is default accounts. How nice of
Prime Computer, Inc. to install so many default accounts at their factories.
As I have said, however, they tell their administrators to remove these default
accounts after the system has been installed. Not a few administrators fail to
remove these defaults, however, and that is good for us. Also, never forget
that Prime users are people and people like to use easy-to-remember passwords.
But before I go any further, let me explain the LOGIN command in greater detail
(patience is a virtue, you know).

Typically you will type 'LOGIN' and press RETURN. You will then be requested
first for User ID and then your password. Here's yet another example:

        login
        User id? user
        Password? <not echoed>
        Invalid user id or password; please try again.
        Login please.
        ER!

Well, that sure didn't work. Notice how PRIMOS didn't echo your password to
you. The above example is from a non-PRIMENET Prime. After this bad entry you
are probably still connected, so you can have another go at it. A non-PRIMENET
system generally has a high bad-login threshold, so you can make many attempts
per connect. A PRIMENET system on the other hand is more of a bitch to hack as
it will disconnect you after the first incorrect login. Here's another example
(assuming you are hacking a PRIMENET system from the TELENET X.25 network):

        @214XXX

        214 XXX CONNECTED
        PRIMENET 20.0.0 VOID
        login user
        Password? <not echoed>
        Invalid user id or password; please try again.

        214 XXX DISCONNECTED 00 00 00:00:00:08 9 7

As you can see, one chance is all you get with a PRIMENET system. A minor note
is in order here regarding all the myriad of X's in the above example. I have
masked the last three digits of the system's NUA (Network User Address), for I
do not wish all you eager PRIMOS hackers to start banging on my system's front
door (grin). I have also edited the system's nodename from its actual nodename
to a more appropriate one (grin). I will continue to mask all system
identification from my examples.

So far you are accustomed to typing in 'LOGIN' and pressing RETURN to start
logging in.
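
Added example (not part of the original article): a defender-side check over
captured front-end sessions that flags the guessing pattern described above,
i.e. repeated "Invalid user id or password" replies on one line, several user
IDs tried, or attempts on the default IDs ADMIN and CMDNC0 from this article's
listing. The "<line-id> <text>" capture format, the tty07/tty12/jsmith values
and the threshold are assumptions; the PRIMOS strings are the ones quoted in
the article's own examples.

```python
import re
from collections import defaultdict

# Constructed capture, one "<line-id> <text>" event per row. The line-id prefix
# is an assumed log format; the PRIMOS strings are the ones quoted on this page.
SAMPLE = """\
tty07 login admin
tty07 Invalid user id or password; please try again.
tty07 Login please.
tty07 login cmdnc0
tty07 Invalid user id or password; please try again.
tty07 login
tty07 User id? admin
tty07 Invalid user id or password; please try again.
tty12 login jsmith
tty12 Invalid user id or password; please try again.
tty12 login jsmith
tty12 JSMITH (user 87) logged in Sunday, 22 Jan 89 16:15:40.
"""
FAIL = "Invalid user id or password; please try again."
NOISE = {"Login please.", "ER!"}               # front-end prompts, not input
ID_RE = re.compile(r"^(?:login|user id\?)\s+(\S+)", re.IGNORECASE)
DEFAULT_IDS = {"ADMIN", "CMDNC0"}              # default IDs named on this page

def analyze(transcript, max_failures=2):
    """Map each terminal line to the reasons it looks like password guessing."""
    failed, pending = defaultdict(list), {}    # failed IDs / ID awaiting verdict
    for raw in transcript.splitlines():
        line_id, _, text = raw.partition(" ")
        match = None if text in NOISE else ID_RE.match(text)
        if match:
            pending[line_id] = match.group(1).upper()
        elif text == FAIL and line_id in pending:
            failed[line_id].append(pending.pop(line_id))
    findings = {}
    for line_id, ids in failed.items():
        reasons = []
        if len(ids) > max_failures:
            reasons.append(f"{len(ids)} failed logins")
        if len(set(ids)) > 1:
            reasons.append("multiple user IDs tried")
        defaults = sorted(DEFAULT_IDS.intersection(ids))
        if defaults:
            reasons.append("default IDs tried: " + ", ".join(defaults))
        if reasons:
            findings[line_id] = reasons
    return findings

if __name__ == "__main__":
    print(analyze(SAMPLE))
```

On the constructed capture only tty07 is reported; tty12, a single mistyped
password followed by a login herald, is not.
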
On all Primes you can nest the 'LOGIN' command and your User ID in the same
line, as is illustrated in the following example:

        login user
        Password? <not echoed>

And on a very few other Primes you can do a full LOGIN nest, as such:

        login user password

You might not wish to use full-nesting capability when other hackers are
lurking about, as they might decide to practice shoulder surfing (grin).

If a User ID/password combination (hereafter referred to as an 'account') is
valid, you will receive the following login herald from PRIMOS:

        USER (user 87) logged in Sunday, 22 Jan 89 16:15:40.
        Welcome to PRIMOS version 21.0.3
        Copyright (c) 1988, Prime Computer, Inc.
        Serial #serial_number (company_name)
        Last login Wednesday, 18 Jan 89 23:37:48.

'serial_number' and 'company_name' will be replaced by the actual serial number
and company name of the company that owns the Prime computer site.

Just one more small thing I need to cover about the 'LOGIN' command right now,
and that is login troubles. Troubles? You bet'cha. The first trouble occurs
when the account you login to exists and is valid, but it doesn't have an
initial ATTACH point (in other words, you don't seem to have a 'home'
directory). This is no fun, since this account cannot be logged into. Bah. The
other trouble is remote user passwords. This is definitely no fun. The prompts
for such are generally different from one another, as they run both commercial
and custom written software to handle this.

When you come upon a remote password, try the User ID and, if that doesn't
work, then try the system's nodename. If both of these attempts fail, you can
either keep trying passwords (brute-force hacking) or you can give it up and
move onto the next account or system.

A popular commercial front-end security package is "LOGINSENTRY" from Bramalea
Software Systems, Inc. "LOGINSENTRY" is an excellent package, so good luck when
you go up against it.
It supports remote passwords, password aging, old-password databasing, etc.

That's about all you need to know about the 'LOGIN' command right away. In the
section on Prime Networking I will discuss the remote login feature (similar to
the UNIX 'rlogin' command). For now, this will suffice.

Here is a listing of default PRIMOS accounts along with some other accounts I
find that work occasionally (i.e., more than just once):

NOTE: The '+' and '*' symbols are not parts of the User ID.

  User ID     Password                 Comments
_______________________________________________________________________________

+ ADMIN       ADMIN, ADMINISTRATOR     Administrator account
+ CMDNC0      CMDNC0                   External command UFD maintenance