::: BASICS OF HACKING II: VAX UNIX :::

by Knights Shadow

    Unix is a trademark of Bell Labs.

    Between VAX UNIX systems there are minor differences.

    Hacking a Unix system is difficult. Have an inside source if
possible. Unix systems give no clue to the logon format. Single
words, 8 digits and names are common. But most VAXes have a
SUGGEST account for users to make a comment to the system ROOT
terminal, USSM Operator.

    We can write a program to send the VAX this type of message:
Screen Freeze (CTRL-S), Screen Clear (system dependent), 255
garbage characters, a command to create a logon account, Screen
Clear, then Unfreeze.

    When the terminal is frozen it keeps a buffer of whatever is
sent. The buffer is 127 characters long. Overflow it with trash
then send a command line to create an account. Clear the buffer
and screen again then unfreeze the terminal. This is a crude
method; it is much better to shut down the system.

    There is ALWAYS an account called ROOT, the most powerful
account to use since it contains all of the system files. If you
hack into the ROOT then everything is easy.

    On Unix, the CTRL-D aborts. Watch how many times it is hit
since it is also a way to log off the system!

    Unix Architecture: The ROOT directory is where the system
resides. After this are a few sub-ROOT directories usually to
group files (stats, privs, user log). Under these are the
SUPERUSER (the System Operator) and then finally the regular
users. In Unix's shell everybody is treated identically. You can
access a program the same way you access a user directory and so
on. Unix was written with everything, users included, as program
names belonging to the ROOT directory. Those who have hacked
onto the ROOT can screw everything.

    The Main Level (EXEC Level) prompt on Unix is $, and if you
are on the ROOT, you have the SUPERUSER prompt #.

    To see where you are and what paths are active with regard
to your user account type:

PWD

    This shows your account separated by a / with another path
name (account), possibly many times.

    To connect through to another path or many paths type:

PATH1/PATH2/PATH3

    Then you are connected all the way from PATH1 to PATH3. You
can run the programs on all the paths you are connected to. If
Unix does not allow you to connect to a path then you have
insufficient privs or the path is closed and archived onto tape.
You can also run programs this way:

PATH1/PATH2/PATH3/Program Name

    Unix treats everything as a program and thus there are few
commands to learn. To see what you have access to in the END
PATH type:

LS

    for list. This shows the programs you can run. You can
connect to the ROOT and run its programs with:

/ROOT

    Most Unix systems have their log file in ROOT, so you can
set up a watch on the file, waiting for people to log in and
snatch their password as it passes through the file.

    To connect to a directory use:

CD PATHNAME

    This allows you to do what you want with that directory. You
may be asked for a password. This is a good way of finding other
user names to hack into.

    The wildcard character in Unix, if you want to search down a
path for a game or such, is *:

LS /*

    should show you what you can access. The file types are the
same as they are on a DEC, so refer to that section when
examining a file. To see what is in a file use:

PR FILENAME

    for print file. We advise playing with PATHNAMEs to get the
hang of the concept. There is on-line help available on most
systems with a HELP or ?. We advise you look through the HELP
files and pay attention to anything they give you on pathnames
or commands for the system.

    As a user you can create or destroy directories on the tree
beneath you. This means that ROOT can kill everything but ROOT,
and you can kill any that are below you.

MKDIR PATHNAME
RMDIR PATHNAME

    are the commands.

    You are not alone on the system. Type:

WHO

    to see the other users who are logged on the system at the
time. If you want to talk to one, type:

WRITE USERNAME

    which allows you to chat at the same time without having to
worry about the parser. To send mail to a user type:

MAIL

    and enter the Mail sub-system. To send a message to all the
users on the system type:

WALL

    which means "Write All." On a few systems you can hit RETURN
to end a message. On others, CTRL-D. To send a single message to
a user type:

WRITE USERNAME

    This is very handy! If you send the sequence of characters
discussed earlier you can have the SUPERUSER terminal do tricks
for you.
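
    The trick described above and in the SUGGEST account passage
depends on a privileged terminal receiving another user's control
characters raw. The following is an added example, not part of the
original file, of a relay that renders every control byte visibly
before it reaches the terminal; the function name, the caret and M-
notation, and the sample message are assumptions made for this
example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Added example: copy a message into out[] so that no control byte
 * survives. Newline is kept; every other control character becomes ^X,
 * and bytes with the high bit set become M-x. Returns the output length. */
size_t sanitize_for_tty(const unsigned char *in, size_t n, char *out, size_t cap)
{
    size_t o = 0;
    if (cap == 0)
        return 0;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = in[i];
        char tmp[4];
        size_t t = 0;
        if (c & 0x80) {                 /* 8-bit controls such as 0x9b */
            tmp[t++] = 'M';
            tmp[t++] = '-';
            c &= 0x7f;
        }
        if (c == '\n' && t == 0) {      /* the only control passed through */
            tmp[t++] = '\n';
        } else if (c < 0x20 || c == 0x7f) {
            tmp[t++] = '^';
            tmp[t++] = (char)(c ^ 0x40); /* 0x13 -> ^S, ESC -> ^[, DEL -> ^? */
        } else {
            tmp[t++] = (char)c;
        }
        if (o + t >= cap)               /* keep room for NUL, no partial tokens */
            break;
        memcpy(out + o, tmp, t);
        o += t;
    }
    out[o] = '\0';
    return o;
}

int main(void)
{
    /* Constructed sample: CTRL-S, an ESC-based screen clear, text, CTRL-Q. */
    const unsigned char msg[] = "\x13\x1b[2Jhello\x11\n";
    char out[64];
    sanitize_for_tty(msg, sizeof msg - 1, out, sizeof out);
    fputs(out, stdout);                 /* the operator sees the bytes as text */
    return 0;
}
```

    Running mesg n on a privileged terminal goes further and removes
the write permission that WRITE depends on.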

    Privs: If you want SUPERUSER privs you can either log in as
ROOT or edit your account so it reads:

SU

    This gives you the # prompt and allows you to completely
bypass the protection. The wonderful security conscious
developers at Bell made it very difficult to do much without
privs, but once you have them there is absolutely nothing
stopping you from doing anything.

    To crash Unix type:

CHDIR /BIN
RM *

    This wipes out the PATHNAME BIN, where all the system
maintenance files are.

    Or type:

R -R

    This recursively removes everything from the system except
the remove command itself. Or type:

KILL -1,1
SYNC

    This wipes out the system devices from operation.

    When you are tired of hacking VAX just hit CTRL-D repeatedly
and you will be logged out.

    This file seems sketchy since Bell has 7 versions of Unix
out. These commands are common to all of them. We recommend you
hack onto the ROOT or BIN directory since they have the highest
levels of privs. There is virtually nothing to do except develop
software without them.
