💾 Archived View for spam.works › mirrors › textfiles › phreak › rsts2.txt captured on 2023-06-16 at 19:49:02.

View Raw

More Information

-=-=-=-=-=-=-

 
ShadowSpawn BBS Presents...
 
 
 
 INSIDE RSTS/E VOL. II
 
 
                           INSIDE RSTS/E
                           -------------
 
                    by:    THE MARAUDER
 
                 THE COUNCIL OF THE FEDERATION
 
    In this volume, i will discuss some of the basic bugs in RSTS/E that can
be used to your advantage (and to others dis-advantage).., I will assume you
have read my first part on rsts/, or have a working knowlege of the basic
system commands, and that you already have aquired a valid account..
 
 
1)           FREE SPACE
 What is free space?, Well on -all- rsts/e systems, there is a portion of the
disk, assigned to 'free space', what basically is, is space free for the saving
of files, when you issue a save, or open command, rsts/e simply grabs however
many blocks are needed from this space, and stores your file there, then this
space is marked as being 'unavailable'.  When you delete, or kill a file the
exact opposite happens, rsts/e moves a few pointers, which mark this space as
'available, (or free)' space, leaving the entire file 99% of the time totally
intact!!.
 Here is an algorythym for a program to read free space:
 
  10 open 'file.ext' as file 1%
  20 put #1%,record XXXXX%
  30 close 1%
  40 end
 
 where:
                 file.ext = any valid filename you want the free space to
                            be placed in.
 
                 XXXXX%  = any integer between 1 and 32767 inclusive, telling
                           how many blocks of free space you wish transferred
                           into 'file.ext'.
 
for example, if i wanted to read 500 blocks of free space into a file called
             "free.spc" i would write my program as follows:
 
     10 open "free.spc" as file 1%
     20 put #1%,record 500%
     30 close 1%
     40 end
 
Now in my directory would be the file 'free.spc' holding 500 blocks of free
space.. you can now simply pip, teco, etdt.. or any text editor to examine
the contents of this file.. whatever was deleted in the past few hours will
usually be 99% intact this includes BASIC programs, any ascii text files
(compiled code is untranslatable si it's useless). This is especially
usefull at schools in the beginning or end of year when the administration
is deleting and creating new accounts..
 
 o NOTE: You (and anyone else) can prevent files from going to free space
         in a readable format. when deleting as file, prog, etc.. use the
         following..
 
         pip prog.ext/wo/lo      (on rsts/e v6.00 and earlier)
         pip prog.ext/de/er      (on rsts/e v7.00 and later  )
 
 what this does in effect is tell pip to 'write zeroes' over the entire
 file before releasing it to free space..
 (few persons know to use this, and fewer still ever use it!!)
 
2)      PROGRAMS WITH 'HOLES' IN THEM
 
   on most systems there are usually a few programs that have holes in t
that can be used to your advantage.. here are a few i have found..
 
if the system you are hacking supports a 'basic +2' runtime system
(prompts with 'well??'  from the basic
keyboard monitor (from 'Ready')..
 
sw bp2com
esp
^Z      (controll Z)
 
 this is a ledgendary bug in the older versions of rsts/e, what is basically
does is switch to basic plus 2 as the default keyboard monitor, executes the
ccl that envokes the RPG editor (esp), then controll z's (exits) out of it
leaving FULL PRIVLIGES INTACT !!!,  so you can run any program on the system!
 
another big hole i have found, is in the program '(1,2)rpgdmp.tsk', which
is a rpg ascii dump program, used for dumping rpg source code and checking
for stray controll char's that have a way of getting into rpg source and
playing hell with the compiler.. to use it simply try:
 
   run (1,2)rpgdmp
 
 it will ask you for a file name, then output device..
 
 well you can give it any file name on the system (like $acct.sys), and it
will be dumped to whatever output device you selected!!! (screen, lp:, disk)
 
 
 UNTIL THE NEXT VOLUME......
 
                           dial with care..
 
 
                              The Marauder
 
sysops are free to use this, as long as nothing is changed.
 
 
------------------------------------------------------------------------------
Presented by:     The Council of the FEDERATION
------------------------------------------------------------------------------
@ (C) 1985, THE MARAUDER