💾 Archived View for gemini.spam.works › mirrors › textfiles › hacking › primos5.txt captured on 2023-01-29 at 07:54:48.
⬅️ Previous capture (2021-12-04)
-=-=-=-=-=-=-
_______________________________________________________________________________
INTRODUCTION TO THE PRIMOS OPERATING SYSTEM
Part V (Languages and Advanced PRIMOS Material)
Written by Violence
Copyright (C) 1989 The VOID Hackers
_______________________________________________________________________________
Welcome to the fifth and final part of my series on the PRIMOS operating sys-
tem. In this last installment, I will cover many of the aspects of PRIMOS that
I have overlooked, including:
o Program Types and Execution (Languages)
o All about Access Control Lists (Setting and Editing)
o Abbreviation files (use and investigation thereof)
o The physical system console of a Prime computer system
o The ACL's and Read/Write Locks Used to Protect the SAD
o Hacking older (outdated) revisions of PRIMOS
o Some useful CPL utilities that enhance PRIMOS
o References and Acknowledgements
o Epilog - The End of a Series
As you can see, part V is the "throw-together, finish-it-up" installment. Here
I will cover everything that I have failed to do so in the previous parts. You
should by now have a fairly good working knowledge of PRIMOS. I hope this last
installment will make all you eager PRIMOS hackers happy. Enjoy!
_______________________________________________________________________________
PROGRAM TYPES AND EXECUTION
From the file extension listing in Part I you can see that There are many diff-
erent types of programs, each with their own file extension. How can you look
at and execute these programs? Well, that's what this section is all about.
To start off, let's talk about CPL programs. CPL is Prime's "Command Procedure
Language" and, like VAX/VMS's DCL, is an interpreted language for performing
rudimentary tasks. This is not to say that it is unable to perform complicated
tasks, for it most certainly can. Most commonly a user's LOGIN file will be a
CPL program (usually called CPL's).
CPL programs are SAM type files and can be SLISTed as usual. There are several
methods for executing a CPL program. In these examples, I will assume the file
is called VOID.CPL. Here are the examples:
OK, cpl void
OK, r void.cpl
The first example illustrates use of the CPL command. When CPL'ing a program,
you need not include the ".CPL" file extension, but you can if you want to. In
the second example we see the R command. R is not really the command name, but
the command's abbreviation. The full command name is RESUME. RESUME requires
that you include the file extension along with the filename. Should a CPL pro-
gram be located in the CMDNC0 directory, then you can execute it by simply ent-
ering it's name. An example would be:
OK, void
That would execute the VOID.CPL program located in CMDNC0. In fact, any file
located in CMDNC0 can be executed by simply typing it's name. You can, of cou-
rse, append the file extension, but that is not necessary.
CPL is a rather rich language and you can write many utilities with it. Every-
thing from a utility to perform mediocre tasks to a full-fledged BBS/Chat prog-
ram. CPL is really beyond a simple scripting langage. One thing Prime should
consider is adding some new commands to CPL and writing a compiler subsystem
for it. Tough work, yes, but the benefits would easily outweigh the problems
involved (at least from my viewpoint). Until then, interpreted CPL is quite OK
though. It's fast enough.
It is beyond the scope of this series to provide instructions on programming in
CPL, but there are alreasy some files floating around regarding it. The file
in TCSB #1 (by Necrovore) lists all the CPL commands but is not very helpful in
the examples department. With enough reader-response I might sit down and
pound out a good CPL tutorial.
On with the show...
BAS files cannot be executed, as they are BASIC source code. You will want to
compile the source and then execute the compiled code. To enter the BASIC sub-
system you enter BASIC at the command line. Like this:
OK, basic
If the Prime you are on has BASIC/VM (called BASICV) available then I suggest
that you use it, as, unlike standard BASIC, BASIC/VM is virtual in nature,
making the machine's memory appear to be a hell of a lot larger than it really
is. To invoke BASIC/VM, you would type (at the command line):
OK, basicv
Either way, you should get the ">" prompt. At this point, you need to load in
the BAS file and compile it. All of the following examples assume that you are
using BASIC/VM, as it is a lot more recent in nature. BASIC commands are very
similar to BASIC/VM commands. On with the show. In the following examples I
will show you what it would look like if you were to invoke BASIC/VM, load in
a BAS program called VOID.BAS, compile it, and quit.
OK, basicv
[BASICV Rev. 22.0.0 Copyright (c) 1988, Prime Computer, Inc.]
[Serial #serial_number (company_name)]
>n void.bas
>list
10 ! This is a sample BASIC/VM program
15 ! Written by Violence (C) 1989 VOID
20 !
25 PRINT '[BASIC/VM EXAMPLE Rev. 22.0]'
30 !
35 ! That revision level is a joke. Heh.
40 !
45 INPUT LINE 'Enter some text,' A$
50 PRINT
55 PRINT A$,LIN 1
60 END
>comp void.bin
>q
OK,
The 'n' command stands for NEW (either N filename or NEW filename will work).
It is saying to BASIC/VM that the new filename is to be VOID.BAS. BASIC/VM lo-
ads VOID.BAS into the workspace. The LIST command should be obvious. The COMP
command is the abbreviation for COMPILE. It takes the source code, checks it
for errors, and compiles and links it into a binary file. This file can be
executed by using the RESUME command, as illustrated:
OK, R VOID.BIN
BASIC source code, as well as other types of source code (CBL, FTN, F77, etc.)
will not compile if it contains errors. To enter the other available compilers
you must enter the name of the language compilers. Available compilers consist
of the following:
* BASIC Prime BASIC compiler
* BASICV Virtual memory BASIC compiler
* COBOL COBOL compiler
DBASIC Interpreted BASIC with double-precision arithmetic
* F77 Compiles FORTRAN 77 or FORTRAN IV code
* FTN Compiles FORTRAN IV code
* NCOBOL Non-shared (non-virtual) COBOL compiler
* PL1G Compiles PL/1, subset G code
* PMA Assembles Prime Macro Assembler code
RPG Compiles an RPG II program (non-virtual)
SPL Compiles an SPL program
VRPG Compiles an RPG II program (virtual)
Language systems commonly found on Primes are denoted with an asterisk (*).
Generally, to execute compiled source code, use the RESUME (R) command. If the
program is located in CMDNC0, just issue the filename (less the file extension)
to execute it. Use SLIST to view source code. Most always, source code will
have file extension denoting the language type. If a source code file does not
have an extension then SLIST it. Lots of times a source file will tell you
what language it was coded in in its comment header.
I am not going to go into the other languages as many hackers are not familiar
with high level languages such as FORTRAN IV, FORTRAN-77, PL/1 Subset G, etc.
Quite a few are, but not as many as one would think. The information I have
presented on CPL and BASIC/VM is enough to get you on your way, and besides,
there are other means of learning these languages:
(a) Looking at source code files and learning
(b) Purchasing language manuals from Prime Computer, Inc.
(A) is easy to do. Just look for files with the extensions '.FTN', '.BAS',
'.PLP', '.PL1', '.PMA' and so forth. Remember, '.SAVE' and '.BIN' are compiled
code and not source.
(B) may not seem like a good or easy option, but it's not so bad at all! Prime
Computer, Inc. will sell you manuals for these languages for about $20 to $25
a piece. Not so bad when you consider most manuals cost even more. Just call
up Prime Computer, Inc.'s Telemarketing Department and request info or buy them
right then and there. Should they ask why you want manuals, tell them you are
a freelance Prime programmer. They love that one. Here's the address, etc:
Software Distribution
PRIME COMPUTER, INC.
1 New York Ave.
Framingham, MA 01701
(617) 879-2960
ext 2053, 2054
_______________________________________________________________________________
SETTING AND EDITING ACCESS CONTROL LISTS (ACL'S)
You have already learned how to check the ACL (Access Control List) protecting
a specified UFD and you also know what each of the access rights are and what
they mean. If you have forgotten any of these things then please refer to Part
II of this series. First off I will explain ACL's and how they are set up.
Then I will go into the actual editing and creating of ACL's.
ACL's are stored in Access Catagories (ACAT's) and can protect not only UFD's,
but also individual files. An ACL is a list of users and access rights for the
objects they cover. Each entry in an ACL governs who has what rights to a par-
ticular filesystem object. Each entry in an ACL is an ordered pair, as is ill-
ustrated by this structural example:
identifier:rights
The two fields in an entry in an ACL must be separated by a colon (:). ACL's
may contain up to 32 pairs but may not be longer than 160 characters in length,
including blanks.
An identifier is one of three types, a single user ID (such as SYSTEM), a group
identifier (like .PROJECT_ADMINISTRATORS$), or a special identifier (like $REST
meaning everyone else not specified in the ACL).
Access categories are files that contain an ACL. ACAT's are used to protect a
set of files in a similar matter. A good example of ACAT usage is the SAD UFD
on a Prime computer (located off of MFD 0). SAD is protected in such a manner
that all of the files therein are protected similarly. Basically, ACAT's are
useful when protecting files in a UFD differently from one another.
Here is a sample ACL for a UFD called STEVE. I will be using this ACL for all
further examples used in this section.
ACL protecting "<Current directory>":
STEVE ALL
SYSTEM ALL
LOWERY DALURW
JOHNSON DALURW
$REST: NONE
Notice that the owner of this UFD, STEVE, has ALL rights to his UFD. This is
obvious, of course. Also notice that SYSTEM has ALL rights also. This is pro-
bably due to backup reasons, etc. STEVE has also given the users, LOWERY and
JOHNSON DALURW access to his UFD. Possibly they are in the same department and
are working together on a project of some sort. The $REST identifier is a
wildcard indicating that no other system user has any access to STEVE's UFD.
Let's say that LOWERY no longer works on the project with STEVE and JOHNSON.
Therefore LOWERY's access to STEVE's UFD needs to be terminated. In addition,
JOHNSON needs P (Protect) access to STEVE's UFD. Lastly, STEVE wants to add
SIMPSON to his ACL (LOWERY's replacement, perhaps). To perform these changes,
STEVE must edit his UFD's ACL. To do this he will have to use the EDIT_ACCESS
command (abbreviated EDAC). Here is what he would type:
OK, edac <user02>steve lowery: johnson:pdalurw simpson:dalurw
Sorry for the runover, but ACL related command lines are generally lengthy. It
should be easy for you to track the modifications presented in the above examp-
le. Notice that STEVE did not list himself or SYSTEM. Why? Because he wasn't
making changes to them. When using EDAC you need only list all ACL changes.
The EDAC command will be useful for editing rights into other people's ACL-
protected UFD's (assuming you have access to do such). STEVE's new ACL looks
like this:
ACL protecting: "<Current directory>":
STEVE ALL
SYSTEM ALL
JOHNSON PDALURW
SIMPSON DALURW
$REST: NONE
If you happen to create an account on a Prime computer you will want to protect
your UFD with an ACL. To do this you will want to use the SET_ACCESS command
(abbreviated SAC). Let's go back into time when the system administrator of
STEVE's system created his account. Also assume that the sys admin didn't cre-
ate a default ACL for STEVE. Here is what STEVE did to create his original ACL
entry:
OK, sac <user02>steve steve:all system:all lowery:dalurw johnson:dalurw
$rest:none
Unlike EDAC, SAC requires you to list all ACL fields. Failure to list a field
will cause the field to have NONE as the access right.
EDAC and SAC will usually prompt you as to whether or not you really want to
make the specified changes, if you want to overwrite an existing ACL file, and
so forth. If you supply a -NO_QUERY argument to the end of the entry then you
will not be prompted at all. Abbreviate -NO_QUERY with -NQ. A good example is
SAC'ing an existing ACL to make wholesale modifications. To avoid the 'are you
sure' type prompt, type this (using our previous SAC example):
OK, sac <user02>steve steve:all system:all lowery:dalurw johnson:dalurw
$rest:none -nq
Remember, when SAC'ing and EDAC'ing ACL's include the full pathname of the ACL
file. And remember to include the owner as having ALL rights, as failure to do
so can lock you out of a UFD or other filesystem object.
Other access-related commands are LIST_ACCESS (abbreviated LA, detailed in Part
II of this series), RWLOCK, SET_DELETE, and PROTECT. Use Prime's online 'HELP'
for descriptions of these commands.
_______________________________________________________________________________
PRIMOS ABBREVIATION FILES
While most PRIMOS commands are not long enough to be an inconvinience, it can
occasionally be irritating to type a command or command with arguments that you
commonly use. The solution? Abbreviations.
PRIMOS fully supports abbreviations. Abbreviations are exactly what they sound
like; shortened commands that represent full commands. Some good examples that
illustrate this are as follows:
(a) Say you like use the -DETAIL argument of the LD command as opposed
to the normal form of LD. Instead of having to type LD -DET all
the time you can create an abbreviation called LF that will, when
issued, tell PRIMOS to do an LD -DET.
(b) Say you frequently issue the CLOSE ALL command. Wouldn't it be
nicer to be able to type CA instead of CLOSE ALL all the time?
(c) Say you create many temporary (T$xxxx) files and that you have to
delete these files when done with your session. Instead of 'hand-
deleting' them before you logout, make an abbreviation called DT
that PRIMOS interprets as DELETE T$@ -NQ.
Those three examples illustrate the usefulness of abbreviation files. Another
nice fact about abbreviation files is that people occasionally store passwords
to passworded UFD's (non-ACL) and NUA's to various and sundry systems on the
network. So inspecting peoples' abbreviation files is also good hacking pract-
ice. In this section I will describe how to access, list, use, and create abb-
reviation files.
Abbreviation files can be called from within CPL program as well as used during
interactive sessions. Another important fact about abbreviation files is that
they can contain only normal commands and not subcommands. That is to say, you
can abbreviate any normal command line procedure, but you cannot make an abb-
reviation to enter NETLINK, call and NUA, and THEN log you in.
The system administrator can turn abbreviation files on and off, thus some ins-
tallations will not be able to use abbreviation files.
First off lets learn how to look at and use existing abbreviation files (ABBREV
files). At the start of a session you must tell PRIMOS to 'turn on' your abb-
reviation file. Usually a user's LOGIN.CPL or LOGIN.COMI file will do this for
you, but if you want to look inside another user's ABBREV file you will need to
know how to do this from the PRIMOS command line. Type:
OK, abbrev pathname
where 'pathname' is the full pathname of the ABBREV file you wish to activate.
To see what is inside the ABBREV file, issue the following command:
OK, abbrev -list
Very simple. To deactivate an ABBREV file, simply type:
OK, abbrev -off
If you wish to turn the ABBREV file back on, type:
OK, abbrev -on
If you have activated a new ABBREV file (with the 'ABBREV pathname' command)
then you will have to use the 'ABBREV pathname' file to turn the ABBREV file on
again.
Note that logging off will automatically turn on an active ABBREV file. Also
note that you can only have one active ABBREV file at any given time.
To create a brand new ABBREV file, you need to issue the following command:
OK, abbrev newpathname -create
An example would be:
OK, abbrev void -create
OK,
Sub: Other Nets [BitNet etc..]
Read: (1-30), Message # 30, (c/r)=Next Msg ?::R
30/30: Last prime file 10 of 10...
Name: Predat0r #1 @5211
Date: Sun May 05 22:40:43 1991
From: Youth International Party Line (Kentucky)
Now you have an empty ABBREV file named VOID. Abbreviations consist of two
parts, a name and a value. Names can be up to 8 ASCII characters in length and
can contain any character except for spaces, single-quotes ('), commas (,),
greater-than symbols (>) and vertical bars (|). Also remember that PRIMOS con-
verts all command line text to UPPER CASE, so case is irrelevant in the name.
NOTE: Do NOT start an abbreviation name with a hyphen (-). If you do then you
will have to enclose the entire name in single-quotes (') whenever you
issue the ABBREV command. Example, an abbreviation named -VOID can only be
called if you type '-VOID' and so forth.
Values contain the ASCII text that the abbreviation name represents (ie, the
actual command line procedure). Values can contain all characters.
Now let's create a sample ABBREV file. Let's fill it up with some useful abb-
reviations. Type:
OK, abbrev -add test cpl test
OK, abbrev -add ca close all
OK, abbrev -add lf ld -det
OK, abbrev -list
Abbreviation file: <USER02>TVH>VOID
Abbreviations: 2
TEST cpl test
CA close all
LF ld -det
OK,
Okay, here we have just created three abbreviations. These abbreviations will
now be interpreted as commands by the PRIMOS command line. Thus, typing:
OK, test
will execute the CPL program called TEST (or TEST.CPL; recall that CPL does not
require you to enter the file extension). CA would act just like you had typed
CLOSE ALL, and so on. Be aware that an abbreviation file cannot contain more
than 200 abbreviations.
To delete an abbreviation file entry, type:
OK, abbrev -delete abbrevname
Thus, to delete the TEST abbreviation, we would type:
OK, abbrev -delete test
These are the basics of the abbreviation subsystem. There are more advanced
commands that I have not gone over due to spacial limitations. To obtain more
information on the abbreviation subsystem, type:
OK, abbrev -help
_______________________________________________________________________________
THE PHYSICAL SYSTEM CONSOLE
The physical system console of a Prime computer has added power over any other
local or remote terminal. It is only from this one specific console that
several potent operator commands can be issued and invoked successfully.
A few of these console-specific commands will be boring to any hacker not into
system programming on a Prime. Some commands, however, will be rather useful.
About the most useful console command is the 'RESUS -ENABLE' command. As you
might recall from Part III, RESUS is the REmote System USer facility. That is
to say, when RESUS is enabled and you are logged into an administrator account,
you will actually be a virtual system console. This will allow all console
commands to be able to be used from any local or remote terminal. The -ENABLE
argument simply tells PRIMOS that you want to turn RESUS on.
Another useful console command is the user logoff command. With this you will
be able to logoff users other than yourself. This is not advised.
Other useful commands are the log management commands. These will allow you to
make your presence on the system virtually unknown. Simply edit all logs, both
PRIMOS and NETWORK related, and kill all references to yourself. There is much
that you can do. For a full list of operator commands you will have to invoke
the online HELP facility by typing, you guessed it, HELP. Without an argument,
it should list all the PRIMOS commands. Just pick out those that say 'Operator
Command' beside them.
I'm not really going to continue with this topic as you will have a hard time
getting console capability unless you are on-site or the fools have RESUS
enabled and you are using a SYS1 priv'ed account. You don't need the logging
commands to edit the logs (just the SYS1 privs). Lastly, there are ways of
getting console that I will not discuss. I just want you to know that there
are additional methods available and that you should work at finding them. Its
the best way to really learn (besides, it's too sensitive to release to the
general hacker community).
_______________________________________________________________________________
THE ACL'S AND READ/WRITE LOCKS USED TO PROTECT THE SAD
It should prove both helpful and informative to know how the SAD (System Admin-
istration Directory) is protected. The following 'map' displays the SAD ACL's
and their associated access rights.
SAD - System Administrator Directory
|
| (System Administrator: ALL)
| (Login Server: ALL)
| (Everyone Else: LU)
______________|_______________________________________
| | | | |
UVF SDF MGF MPF PD (Sys Admin: ALL)
(DEFAULT) (DEFAULT) (PA.ACAT) (PA.ACAT) | (Login Srv: LUR)
| (PA.ACAT: LURW)
______________________________________________________|
| | | | |
MPP PVF PPPF PDF BACKUP
(Sys Admin: RW)(DEFAULT) (DEFAULT) (DEFAULT) (Sys Admin: ALL)
(Login Srv: R) (PA.ACAT: DALURW)
(PA.ACCR: R)
PA.ACAT = System_Administrator: RW
.PROJECT_ADMINISTRATORS$: RW
SAD = System Administration Directory UVF = User Validation File
SDF = System MGF = Master Group File
MPF = Master Project File PD = <not sure>
MPP = Master Project Profile PVF = Project Validation File
PPPF = <not sure> PDF = <not sure>
BACKUP = Backup of PA.ACAT PA.ACAT = Project Admin Access Cat
_______________________________________________________________________________
HACKING OLDER (OUTDATED) REVISIONS OF PRIMOS
I hadn't planned on covering any pre-19.x.x revisions of PRIMOS, but I thought
some of you avid network hackers might be interested to know the very basics
about these insecure revisions.
Revisions 18.x.x, 17.x.x and earlier will actually tell you whether or not a
given user ID is valid before asking you for a password. This makes it a
rather trivial task of determining whether or not a given account exists. In
my experiences early revisions of PRIMOS will be found only on obscure nets,
like those in Brazil and Japan. On these archaic revisions of PRIMOS you can
enter CTRL-C as the password of a valid account and automatically bypass the
front door password security. Very nice. You can barely find these ancient
revisions anymore.
These older revisions are not at all like the current revisions of PRIMOS. I
suggest reading the 'HACKING PRIMOS' article by Nanuk of the North if you plan
on penetrating these revisions, as his file was written in the days when 18.x.x
was common.
Not really much more that I can say, as you'll probably never come across these
revisions and even if you do, the command structure they use is enough to cause
severe gastro-intestinal disorders.
_______________________________________________________________________________
SIMPLIFIED MEANS OF ATTACHING TO SUB-UFD'S
Sub-directories are great, but when you start going deeper than 2 levels on a
Prime it starts getting to be a pain. Full pathnames get to be depressing when
you are 6 or 7 levels deep. Enter the UP and DOWN external commands. Recall
that I mentioned these commands in Part II of this series. These externals are
found on most Primes, but there are a few that do not have them available.