
Conference noted::hackers_v1

Title: -={ H A C K E R S }=-
Notice: Write locked - see NOTED::HACKERS
Moderator: DIEHRD::MORRIS
Created: Thu Feb 20 1986
Last Modified: Mon Aug 03 1992
Last Successful Update: Fri Jun 06 1997
Number of topics: 680
Total number of notes: 5456

335.0. "Tops-20 Gurus?" by PHENIX::SMITH (William P.N. (Wookie::) Smith) Thu Oct 16 1986 21:29

    I have an account on a remote TOPS-20 system somewhere in Texas(?)
    which bills time used to my credit card.  Just from my first quick use
    of the system, it doesn't look too secure (would you believe a password
    of 'welcome'?), and my account ID (no other password to distinguish me
    from any other user) looks to me to be an acronym of my bank and credit
    card number.  As soon as I log into the system at the @ prompt, I am
    asked for my "Account ID:", and then the menus start coming up.  This
    has me wondering about these people... 
    
    Supposedly I am trapped in a command procedure or program (I'd rant
    about the quality of the program, but it's probably not important) with
    no way to escape.  However, I am a bit concerned about security. If
    there were a way to escape to 'command level' (or whatever the
    equivalent is on TOPS-20), I imagine I could find a list of all other
    (active?) account IDs.  That would be bad... 
    
    Anyway, I'd like to know what commonly known ways there are to break
    out of programs/command_procedures on a TOPS-20 machine. If any of them
    work, I'll yank my account, if not, I may keep it. Kind of like the
    various things that people try on "impenetrable in-use procedures".
    Any ideas?  I'm not trying to hack the machine, just checking the
    security of it. The connect prompt says TOPS-20 Monitor 5.1(15117).
    
    Many thanks in advance,
    
    Willie
                                                                       
T.R | Title | User | Personal Name | Date | Lines
335.1 | | GALLO::RASPUZZI | Michael Raspuzzi | Fri Oct 17 1986 14:24 | 32
    Just because the machine runs TOPS-20, I too would worry about
    security. Then again, since I work with the code for the monitor
    all the time, I know what is weak.
    
    Generally speaking, if the machine is running a "funny" EXEC (TOPS-20
    equivalent of DCL) then you really can't do anything outside of
    this funny EXEC. The EXEC can be hacked to turn off commands and
    to restrict access to certain things. Also, most sites that are
    security conscious are running some type of ACJ to limit what you
    can and can't do.
    
    If you don't have access to privs, then you won't be able to do
    anything outside of the command environment you are put in. My concern
    would be how secure are the privved accounts? I know OPERATOR is
    one of them. If I knew who the system programmers were I probably
    could try to bust into their accounts. Once you're in with privs,
    there is nothing you can't do. One of the fundamental assumptions
    of the monitor is you can't defend against a WHEEL (TOPS-20 style
    SETPRV) or someone with OPERATOR privs. Once a WHEEL is in, he could
    shut off the ACJ and start his fun.
    
    I see they are running the latest and greatest 5.1 monitor, however,
    TOPS-20's current release is 6.1 and I think customers are getting
    autopatch tape 14 soon (edit 16230).
    
    Mike
    TOPS-20 developer
    
    By the way, if this program/command procedure or whatever you are
    put in when you login ever breaks or halts due to a bug, you could
    be put in an interesting situation. Maybe not have privs, but I bet
    you could find out more than you could before.
335.2 | I almost forgot | GALLO::RASPUZZI | Michael Raspuzzi | Fri Oct 17 1986 14:26 | 4
    There is a notes conference on TOPS-20 for anyone interested. It
    is LATOUR::TOPS. Press KP 7 to add it to your notebook.
    
    Mike
335.3 | No such thing as "CAPTIVE" on TOPS-20 | LA780::LONGO | Bob Longo | Sun Oct 19 1986 15:14 | 6
    Unless they have EXEC sources and a good system-programmer, there
    is no way to prevent a user from breaking out of a "captive" command
    procedure on TOPS-20.  All you need to do is pound on ^C several
    times IMMEDIATELY after you type the return after your password.
    
    -Bob "had_a_4_bit_lobotomy_and_almost_forgot_TOPS-20" Longo
335.4 | | CRATE::COBB | Danny Cobb, DSS Eng, LKG | Mon Oct 20 1986 15:24 | 6
    ...and you can also try to get into DDT once you've gotten to the
    EXEC, and probably patch the most recently run program (the "menu"?)
    to do lots of interesting things (provided you're able to SAVE it
    back from whence it came...)
                                             
    Danny
335.5 | a new login.com anyone? | NRLABS::VENKI | William P.N. (Wookie::) Smith | Tue Oct 21 1986 15:24 | 13
    Yup, control-C after the password worked just fine, I spent about
    5 minutes getting directories and poking around, listed out the
    billing file, and logged out.  I was very good, I didn't touch
    _anything_ at all, and tho I didn't get billed for the time, (at
    $0.99 per minute), I don't feel I ripped them off.  Called the guy
    up this morning and told him to close down my account and remove
    all traces of my credit card number from the system.  He asked why
    and sounded really surprised when I told him he had no security
    at all.    AAAARRRRGGGGHHHH!!!!   Oh, well, it's been instructive
    anyway.  Many thanks for everyone's assistance.
    
    Willie