Title: | -={ H A C K E R S }=- |
Notice: | Write locked - see NOTED::HACKERS |
Moderator: | DIEHRD::MORRIS |
Created: | Thu Feb 20 1986 |
Last Modified: | Mon Aug 03 1992 |
Last Successful Update: | Fri Jun 06 1997 |
Number of topics: | 680 |
Total number of notes: | 5456 |
I have an account on a remote TOPS-20 system somewhere in Texas(?) which bills time used to my credit card. Just from my first quick use of the system, it doesn't look too secure (would you believe a password of 'welcome'?), and my account ID (no other password to distinguish me from any other user) looks to me to be an acronym of my bank and credit card number. As soon as I log into the system at the @ prompt, I am asked for my "Account ID:", and then the menus start coming up. This has me wondering about these people...

Supposedly I am trapped in a command procedure or program (I'd rant about the quality of the program, but it's probably not important) with no way to escape. However, I am a bit concerned about security. If there were a way to escape to 'command level' (or whatever the equivalent is on TOPS-20), I imagine I could find a list of all other (active?) account IDs. That would be bad...

Anyway, I'd like to know what commonly known ways there are to break out of programs/command_procedures on a TOPS-20 machine. If any of them work, I'll yank my account, if not, I may keep it. Kind of like the various things that people try on "impenetrable in-use procedures". Any ideas? I'm not trying to hack the machine, just checking the security of it. The connect prompt says TOPS-20 Monitor 5.1(15117).

Many thanks in advance,
Willie
T.R | Title | User | Personal Name | Date | Lines |
---|---|---|---|---|---|
335.1 | | GALLO::RASPUZZI | Michael Raspuzzi | Fri Oct 17 1986 12:24 | 32 |
Just because the machine runs TOPS-20, I too would worry about security. Then again, since I work with the code for the monitor all the time, I know what is weak. Generally speaking, if the machine is running a "funny" EXEC (TOPS-20 equivalent of DCL) then you really can't do anything outside of this funny EXEC. The EXEC can be hacked to turn off commands and to restrict access to certain things. Also, most sites that are security conscious are running some type of ACJ to limit what you can and can't do. If you don't have access to privs, then you won't be able to do anything outside of the command environment you are put in.

My concern would be how secure are the privved accounts? I know OPERATOR is one of them. If I knew who the system programmers were I probably could try to bust into their accounts. Once you're in with privs, there is nothing you can't do. One of the fundamental assumptions of the monitor is you can't defend against a WHEEL (TOPS-20 style SETPRV) or someone with OPERATOR privs. Once a WHEEL is in, he could shut off the ACJ and start his fun.

I see they are running the latest and greatest 5.1 monitor, however, TOPS-20's current release is 6.1 and I think customers are getting autopatch tape 14 soon (edit 16230).

Mike
TOPS-20 developer

By the way, if this program/command procedure or whatever you are put in when you login ever breaks or halts due to a bug, you could be put in an interesting situation. Maybe not have privs, but I bet you could find out more than you could before.
335.2 | I almost forgot | GALLO::RASPUZZI | Michael Raspuzzi | Fri Oct 17 1986 12:26 | 4 |
There is a notes conference on TOPS-20 for anyone interested. It is LATOUR::TOPS. Press KP 7 to add it to your notebook.

Mike
335.3 | No such thing as "CAPTIVE" on TOPS-20 | LA780::LONGO | Bob Longo | Sun Oct 19 1986 13:14 | 6 |
Unless they have EXEC sources and a good system-programmer, there is no way to prevent a user from breaking out of a "captive" command procedure on TOPS-20. All you need to do is pound on ^C several times IMMEDIATELY after you type the return after your password.

-Bob "had_a_4_bit_lobotomy_and_almost_forgot_TOPS-20" Longo
335.4 | | CRATE::COBB | Danny Cobb, DSS Eng, LKG | Mon Oct 20 1986 13:24 | 6 |
...and you can also try to get into DDT once you've gotten to the EXEC, and probably patch the most recently run program (the "menu"?) to do lots of interesting things (provided you're able to SAVE it back from whence it came...)

Danny
335.5 | a new login.com anyone? | NRLABS::VENKI | William P.N. (Wookie::) Smith | Tue Oct 21 1986 13:24 | 13 |
Yup, control-C after the password worked just fine, I spent about 5 minutes getting directories and poking around, listed out the billing file, and logged out. I was very good, I didn't touch _anything_ at all, and tho I didn't get billed for the time, (at $0.99 per minute), I don't feel I ripped them off.

Called the guy up this morning and told him to close down my account and remove all traces of my credit card number from the system. He asked why and sounded really surprised when I told him he had no security at all. AAAARRRRGGGGHHHH!!!!

Oh, well, it's been instructive anyway. Many thanks for everyone's assistance.

Willie