ZDDDDDDDDDDDDDDDDDD? IMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM; ZDDDDDDDDDDDDDDDDDD? 3 Founded By: 3 : Network Information Access : 3 Founded By: 3 3 Guardian Of Time 3D: 09AUG90 :D3 Guardian Of Time 3 3 Judge Dredd 3 : Guardian Of Time : 3 Judge Dredd 3 @DDDDDDDDBDDDDDDDDDY : File 44 : @DDDDDDDDDBDDDDDDDDY 3 HMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM< 3 3 IMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM; 3 @DDDDDDDDD6Creating An Account On A VMS SystemGDDDDDDDDDY HMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM< I will be using the FIELD account for my tutorial. The FIELD account has SETPRV capability which means, that that particular account can create other accounts and set its own privliges. If the account which you have does NOT have that capability you can NOT create (to my limited DCL Experience) accounts. [===========================] $_LOGGING IN Username:FIELD Password: Welcome to NIA ... VAX/VMS Version 5.04 Last Interactive login on Monday, 6-AUG-1990 17:45 $ The ($) Dollar Sign means that you are at the DCL Prompt or the DIGITAL COMMAND LANGUAGE prompt. You have access to over 200+ Commands to do virtually anything you want. Assuming that your Account has the access. Also keep an eye out when you log in, to see who-else is attempting to hack that account. The system will automatically tell you each time that you log in, how many "Hack" attempts there have been attempted on that account. [============================] $_SHOW USERS The VERY NEXT thing that you should do, is to check for other users. This is a very good habit to get into, for the following example will show you WHY you should do so: $SH USERS VAX/VMS Interactive Users 6-AUG-1990 17:56:54.42 Total number of interactive users = 6 Username Process Name PID TERMINAL FIELD FIELD 000000AF VTA89: MANAGER MANAGER 00000146 OPA0: Notice that the MANAGER is on, now, depending on how active this person is, or not, you MIGHT ( NOTICE MIGHT ), be able to slip by him and not be detected, but I doubt that. If you EVER see the MANAGER account on, LO/HANGUP Imediately, that way, you can come back at a later time. Also note that just because the MANAGER is on, it doesn't mean that he is actually on the system. The terminal can be logged on, and nothing happening, some system managers do this, in an effert to scare hackers away. [===========================] $_PASSWORD CHANGE Once you get yourself an account, be sure to CHANGE THE PASSWORD, this is good to keep the other guy out or to make enough time to create yourself another account or just so that it looks normal. Some system managers may have DCL set up to automatically change your PW after 30 days, so if you come across something that says to change your password do it. B/c if you do not change your password, you will lock yourself out of the system. Also make a note that SOME accounts have a time period on them ( Univiversities SHOULD have this, for thier students ), if you get ahold of such an account, make a note that the system will NOT notify you that your account is about to go dead. When changing your password make sure that the words you use, do NOT in any way correspond to YOU. Meaning that if you smoke do NOT use your brand of cigarretes as a password. You want to be as NON-DESCRIPTIVE as possible, so as not to give the system manager any "clues" that maybe used against you later on. To change your password: $ SET PASSWORD: $ OLD PASSWORD: GUARDIAN $ NEW PASSWORD: DREDD The MANAGER account can determine how many characters YOUR password can be. So if you get a message stating that your password is not long enough you should just make sure you have enough characters. The message you would get looks like this: $SET PASS Old password: New password: %SET-E-INVPWDLEN, minimum password length is 8; password not changed $ You can also have the system generate a password for you. The following example shows how to change the password, for account FIELD with a password length of eight. There are only five passwords listed, what the system will do is to list on the left the password and then on the right side is the same password broken down into syllables. Generaly the easier to say (syllable wise) is the one chosen. Username:FIELD Password: Welcome to NIA ... VAX/VMS Version 5.04 Last Interactive login on Monday, 6-AUG-1990 17:45 $SET PASS/GENERATE=8 Old password: apsjawpha aps-jaw-pha oorsoult oor-soult guamixexab gu-a-mix-ex-ab impsapoc imps-a-poc ukchfgoy uk-chaf-goy Choose a password from this list or press RETURN to get a new list New password: Verification: $ According to the manual (Page 3-9 Security For The User 3.1 Logging In to the System ), there is a wonderful highlighted message that I think you will get a kick out of: NOTE: THE PASSWORD GENERATOR USES BASIC SYLLABIC RULES TO GENERATE WORDS, BUT HAS NO REAL KNOWLEDGE OF ANY LANGUAGE. AS A RESULT, IT MAY UNINTENTIONALLY PRODUCE WORDS THAT ARE OFFENSIVE. [============================] $_Creating User Accounts To begin your creating of an account you must determine if you have SETPRV capability, if you do not, then your wasting your time. That is why it is IMPERITIVE that you get an account with SETPRV privilege. To find out if your account has SETPRV privilege, you just switch to the SYS$SYSTEM directory and RUN AUTHORIZE, if you can run authorize, then you should have the access. But to be certain once you are in the UAF (User Authorization File), you can then type SH FIELD/FULL (or SH username/FULL, username would be the name of your account.) and look under privilege if you have SETPRV your set, if not tough. Basically with my limited knowledge that is 'bout all I know, on how to check if you have access or not. If there is a quicker/better way, I do NOT know. I only just started to dabble in the Digital Command Language (DCL). Once you have dialed into a system, and you are at the DCL prompt, just follow the below format and you should have no problem. $SET DEFAULT SYS$SYSTEM $RUN AUTHORIZE UAF> ADD NIA/PASSWORD="WAXYOLWOS" - UAF> /DEVICE=SYS$SYSDEVICE/DIRECTORY=[SYS$SYSTEM] - UAF> /PWDLIFETIME=30-/PWMINIMUM=8 - UAF> /PRIVILEGES=SETPRV %UAF-I-ADDMSG, user record successfully added UAF> *EXIT* %UAF-I-DONEMSG, system authorization file modified %UAF-I-RDBNOMODS, Modifications made to rights database $ LO/HANGUP Username: Username: NIA password: xxxxxxxxx <- Passwords are NEVER echoed back to you by the system Welcome to NIA... VAX/VMS Version 4.7 $ We will go over the UAF> section, since most of the rest seems easy enough to follow and to handle. UAF stands for User Authorization File. $RUN AUTHORIZE UAF> ADD NIA/PASSWORD="WAXYOLWOS" - You are now creating you User Account, which is NIA and assigning yourself a password that is nine digits long. The - on the end, means more to follow. UAF> /DEVICE=SYS$SYSDEVICE/DIRECTORY=[SYS$SYSTEM] - Now you are assigning to your account a directory in which to create files. That should be the root of the system, so there should be around 366 or more files there. Also if you do NOT assign yourself a directory, the system will still let you log into it. But you will not be able to create any files or such, unless you are in a specific directory. UAF> /PWLIFETIME=30-/PWMINIMUM=8 - The password will automatically expire in thirty days. The system will notify you when your password is due for change. If you do NOT change it, you will be locked out of the system, till the manager re-assigns you a password. So if you are told to change a password DO IT. The password length must be at least eight characters long. Where the eight is you can make that number whatever you want, just as long as you remember that that is the MINIMUM length of your password. The longer your password is, the longer it is for you remember, write down, macro in, whatever. Just remember to keep that passsword. If you lose it, you will in turn lock yourself out of the system you are hacking. UAF> /PRIVILEGES=SETPRV This is the Privilege that you want. The command SETPRV will allow your account to activate any other privilege that there is. This probably the most dangerous command to give out. Make sure your account has it. UAF> *EXIT* That is a control Z, and that will always let you out of the "program" and back into DCL. If your account does NOT have access to create an account (SETPRV Privilege) and you attempt to create an account you will get the following error message: $SET DEFAULT SYS$SYSTEM $RUN AUTHORIZE %UAF-E-NAOFIL, unable to open SYSUAF.DAT -RMS-E-PRV, insufficient privilege or file protection violation $ Which means your NOT entering the UAF program. [============================] $_HINTS Remember that if you are ever stuck just type the word HELP. Vax's are set up so that just about every command has its own HELP TOPIC. Also you might have seen files that show all of DCL's commands? You can type the command HELP *(return) and that will give you a list of all the HELP TOPICS and what they cover. Problem is, almost all HELP TOPICS have SUB HELP TOPICS, and those are NOT listed when you do a HELP *. Also some HELP TOPICS have references and such, and those too, are not listed, unless, you specify it. You do not have to type the entire command out, you can be pretty descriptive and if you become to descriptive the system will tell you that it doesn't recognize the command but for your references Commands can be shortened, for example: $SHOW USERS Can be typed as: $SH U You need to SHO U often. This way you will be able to LO/HANGUP if you see the MANAGER account logged on. Common Commands to use: Control-Z := EXIT this will return you back to DCL Prompt ($) Up/Down := Repeat Last Command SH U := Show Users ( USE Periodically ) LO := Logoff, you have three Qualifiers for logging off HELP := Help Topics, example HELP SHOW or HELP LOGOFF or HELP $_NIA END OF FILE [OTHER WORLD BBS]