ZDDDDDDDDDDDDDDDDDD? IMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM; ZDDDDDDDDDDDDDDDDDD? 3 Founded By: 3 : Network Information Access : 3 Founded By: 3 3 Guardian Of Time 3D: 07SEP90 :D3 Guardian Of Time 3 3 Judge Dredd 3 : Guardian Of Time : 3 Judge Dredd 3 @DDDDDDDDDBDDDDDDDDY : File 49 : @DDDDDDDDDBDDDDDDDDY 3 HMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM< 3 3 IMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM; 3 @DD6 BRIEF UPDATE ON SOME VMS COMMANDS: :DDY : SHOW USERS, SHOW SYSTEM, and STOP/ID= COMMANDS : HMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM< This file is just an update on some things I found out after I wrote NIA044.TXT HOW TO CREATE AN ACCOUNT ON A VMS BASED SYSTEM. I'll be going over some items that I have mentioned in NIA044.TXT, but you might be interested in reading them again, for I now have included actual VAX Prompts and such, so you will now have a better idea of what I am talking about. $_Basic_Overview When logging into a VMS based system, you will be greeted by the familiar prompt, which tells you that you are in DCL (Digital Command Language): Username:FIELD Password: Welcome to NETWORK INFORMATION ACCESS DATABASE ... VAX/VMS Version 5.3 Last interactive login on Friday, 7-SEP-1990 20:07 $ $ The Password can be up to any character length that you want it to be set at. It is suggested that the password be under 32 characters. Also the password is NOT shown to you (Or in English, it is not echoed back to your screen ). Username:FIELD Password: User Authorization Failure That means you screwed up, and for you to try again. $_SHOW Command I dialed into our system and pulled out the SHOW COMMAND section for you to look at, this is exactly what is on a MICROVAX 3500 running VMS 5.3 (noticed the new version since 4.7? hehehe), anyways, if you are dialed into any VAX, you can type HELP and get a command, if you want all commands type HELP * and get your buffer ready, BUT REMEMBER it only shows you the commands not ALL OF THE COMMON QUALIFIERS. $ HELP SHOW * SHOW ACCOUNTING The SHOW ACCOUNTING command displays items for which accounting is enabled. For a detailed description of these items, see the discussion of the SET ACCOUNTING command in the VMS DCL Dictionary. Format: SHOW ACCOUNTING Additional information available: Command_Qualifiers /OUTPUT Examples SHOW ACL Allows you to display the access control list (ACL) of an object. Format: SHOW ACL Additional information available: Parameters Command_Qualifiers /OBJECT_TYPE Examples SHOW AUDIT Displays the security auditing characteristics currently enabled on the system. Requires the SECURITY privilege. Format: SHOW AUDIT Additional information available: Command_Qualifiers /ALL /ALARM /ARCHIVE /FAILURE_MODE /JOURNAL /OUTPUT /SERVER Examples SHOW BROADCAST Displays the message classes that are currently affected by the SET BROADCAST command. Format: SHOW BROADCAST Additional information available: Command_Qualifiers /OUTPUT SHOW CLUSTER Invokes the VMS Show Cluster Utility (SHOW CLUSTER) to monitor and display cluster activity and performance. For a complete description of the Show Cluster Utility, including information about the SHOW CLUSTER command, see the VMS Show Cluster Utility Manual. Format: SHOW CLUSTER Additional information available: Command_Qualifiers /BEGINNING /CONTINUOUS /ENDING /INTERVAL /OUTPUT Examples SHOW CPU Displays the current state of the processors in a VMS multiprocessing system. Applies only to VMS multiprocessing systems. Requires change mode to kernel (CMKRNL) privilege. Format: SHOW CPU [cpu-id,...] Additional information available: Parameter Qualifiers /ACTIVE /ALL /BRIEF /FULL /SUMMARY Examples SHOW DEFAULT Displays the current default device and directory names, along with any equivalence strings. These defaults are applied whenever you omit a device and/or directory name from a file specification. Format: SHOW DEFAULT Additional information available: Examples SHOW DEVICES Displays the status of a device on the system. Format: SHOW DEVICES [device-name[:]] Additional information available: Parameters Command_Qualifiers /ALLOCATED /BRIEF /FILES /FULL /MOUNTED /OUTPUT /SYSTEM /WINDOWS /SERVED SHOW DISPLAY Indicates the node where output from a DECwindows application will be displayed. Format SHOW DISPLAY [display-device] Additional information available: Parameter Example SHOW ENTRY Displays information about a user's batch and print jobs or about specific job entries. The display shows each entry's current status as well as its attributes. These attibutes are the job name, owner, entry number, job status, queue name. Requires GROUP privilege to display all jobs in your group. Requires OPER privilege to display all jobs in all groups Format: SHOW ENTRY [entry-number,...] Additional information available: Parameters Command_Qualifiers /BATCH /BRIEF /BY_JOB_STATUS /DEVICE /FILES /FULL /GENERIC /OUTPUT /USER_NAME Examples SHOW ERROR Displays the error count for all devices with error counts greater than 0. Format: SHOW ERROR Additional information available: Command_Qualifiers /FULL /OUTPUT Examples SHOW INTRUSION Displays the contents of the breakin database. Format: SHOW INTRUSION Additional information available: Command_Qualifiers /OUTPUT /TYPE Examples SHOW KEY Displays the key definitions created by the DEFINE/KEY command. Format: SHOW KEY [key-name] Additional information available: Parameters Command_Qualifiers /ALL /BRIEF /DIRECTORY /FULL /STATE SHOW LICENSE Displays software product licenses active on the current node. An active license is one that has been registered in the LICENSE database and loaded into system memory. To register and activate software product licenses, use the License Management Utility (LICENSE), or VMSLICENSE.COM. Some licenses are registered automatically during product installation. For a complete description of this utility, see the VMS License Management Utility Manual, part of the VMS Base Documentation Set. To display licenses registered in the LICENSE database, use the LICENSE LIST command, described with the utility. Format SHOW LICENSE [product-name] Additional information available: PARAMETER QUALIFIERS /BRIEF /CHARGE_TABLE /OUTPUT /PRODUCER Examples SHOW LOGICAL Displays all logical names in one or more logical name tables or displays the current equivalence string, or strings, assigned to a specified logical name or names. The SHOW LOGICAL command performs iterative translations. Format: SHOW LOGICAL [logical-name[:],[...]] Additional information available: Parameters Command_Qualifiers /ACCESS_MODE /ALL /DESCENDANTS /FULL /GROUP /JOB /OUTPUT /PROCESS /STRUCTURE /SYSTEM /TABLE Examples SHOW MAGTAPE Displays the current characteristics and status of a specified magnetic tape device. Format: SHOW MAGTAPE device-name[:] Additional information available: Parameters Command_Qualifiers /OUTPUT Examples SHOW MEMORY Displays the availability and usage of those system resources that are related to memory. Format: SHOW MEMORY Additional information available: Command_Qualifiers /ALL /FILES /FULL /OUTPUT /PHYSICAL_PAGES /POOL /SLOTS Examples SHOW NETWORK Displays the availability of the local node as a member of the network and the addresses and names of all nodes that are currently accessible to the local node. The SHOW NETWORK command also displays link and cost relationships between the local node and other nodes in the network. Format: SHOW NETWORK Additional information available: Command_Qualifiers /OUTPUT Examples SHOW PRINTER Displays the device characteristics currently defined for a system printer. Format: SHOW PRINTER device-name[:] Additional information available: Parameters Command_Qualifiers /OUTPUT SHOW PROCESS Displays information about a process and subprocesses. If no qualifier is entered, only a basic subset of information is displayed: the time, process terminal, user name and UIC, node name, process name and process identification, priority, default directory, and allocated devices. Requires GROUP privilege to show other processes in the same group. Requires WORLD privilege to show processes outside your group. Format: SHOW PROCESS [process-name] Additional information available: Parameters Command_Qualifiers /ACCOUNTING /ALL /CONTINUOUS /IDENTIFICATION /MEMORY /OUTPUT /PRIVILEGES /QUOTAS /SUBPROCESSES Examples SHOW PROTECTION Displays the current file protection to be applied to all new files created during the terminal session or batch job. You can change the default protection at any time with the SET PROTECTION command. Format: SHOW PROTECTION Additional information available: Examples SHOW QUEUE Displays information about queues and jobs that are currently in queues. o Display characteristic names and numbers that are available on queues (see /CHARACTERISTIC). o Display form names and numbers that are available on queues (see /FORM). Format: SHOW QUEUE [queue-name] Additional information available: Parameters Command_Qualifiers /ALL_ENTRIES /BATCH /BRIEF /BY_JOB_STATUS /DEVICE /FILES /FULL /GENERIC /OUTPUT /SUMMARY /CHARACTERISTIC /FORM SHOW QUOTA Displays the current disk quota that is authorized for a specific user on a specific disk. This display includes a calculation of the amount of space available and the amount of overdraft that is permitted. Format: SHOW QUOTA Additional information available: Command_Qualifiers /DISK /USER Examples SHOW RMS_DEFAULT Displays the current default multiblock count, multibuffer count, network transfer size, prologue level, and extend quantity that VAX RMS uses for file operations. Format: SHOW RMS_DEFAULT Additional information available: Command_Qualifiers /OUTPUT SHOW STATUS Displays the status of the current process. Format: SHOW STATUS SHOW SYMBOL Displays the current value of a local or global symbol. Symbols are defined with assignment statements (the = or := commands), by parameters passed to a command procedure file, or by the INQUIRE or READ commands. Format: SHOW SYMBOL [symbol-name] Additional information available: Parameters Command_Qualifiers /ALL /GLOBAL /LOCAL /LOG Examples SHOW SYSTEM Displays status information about current processes: the time, process name and identification, processing state, priority, total process I/O, cumulative processor time used, cumulative page faults, amount of physical memory being used, and type of process. Format: SHOW SYSTEM Additional information available: Command_Qualifiers /BATCH /CLUSTER /FULL /NETWORK /NODE /OUTPUT /PROCESS /SUBPROCESS Examples SHOW TERMINAL Displays the current characteristics of a specific terminal. Each characteristic corresponds to an option of the SET TERMINAL command. Note: SHOW TERMINAL does not list terminal fallback characteristics if any are activated. If the Terminal Fallback Facility is enabled, you can invoke the Terminal Fallback Utility (TFU) and issue the subcommand SHOW TERMINAL/FALLBACK. See the VMS Terminal Fallback Utility for more information. Format: SHOW TERMINAL [device-name[:]] Additional information available: Parameters Command_Qualifiers /OUTPUT /PERMANENT SHOW TIME Displays the current date and time. The DAY element is optional. Format: SHOW [DAY]TIME Additional information available: Examples SHOW TRANSLATION Searches one or more logical name tables for a specified logical name and returns the first equivalence name of the first match found. Format: SHOW TRANSLATION logical-name Additional information available: Parameters Command_Qualifiers /TABLE Examples SHOW USERS Displays the user name and node name (in a VAXcluster environment) of interactive, subprocess, and batch users on the system. Format: SHOW USERS [username] Additional information available: Parameters Command_Qualifiers /BATCH /CLUSTER /FULL /INTERACTIVE /NETWORK /NODE /OUTPUT /SUBPROCESS Examples SHOW WORKING_SET Displays the working set limit, quota, and extent assigned to the current process. Format: SHOW WORKING_SET Additional information available: Command_Qualifiers /OUTPUT We will be viewing SHOW SYSTEM, SHOW USERS, STOP/ID=xxxxx commands today. You will find the STOP/ID= command of most fun and interest in your crossing of VAX's today. As mentioned all the Show commands have been listed above for you and please take your time, view them carefully, for when you are on a system, if you keep typing HELP over and over again, that MAY give you away, I am not saying it will, but, lets just say that someone that looks familiar w/ the system is less a target then someone who keeps typing HELP every so often. So if you must make out a flow chart of what you wish to do or type out everything in advance this can save you extreme amounts of time. $_What You Need To Know About SHOW USERS And Why... Username:FIELD Password: Welcome to NETWORK INFORMATION ACCESS DATABASE ... VAX/VMS Version 5.3 Last interactive login on Friday, 7-SEP-1990 20:39 $ SH U VAX/VMS User Processes at 7-SEP-1990 20:51:38.99 Total number of users = 2, number of processes = 2 Username Interactive Subprocess Batch NIA 1 FIELD 1 MANAGER 1 $ lo FIELD logged out at 7-SEP-1990 20:51:43.98 What has just been shown to you is all the USERS that are ONLINE at the moment. This must be done EVERY TIME YOU LOG ONTO A SYSTEM. Now, re-read everything in all caps there (EVERY TIME YOU LOG ONTO A SYSTEM), you MUST type SHOW USERS, if you see a Username of MANAGER you might want to either log off the system right away or just gamble that he is not really there. But GOT, if Username is there, than that means he is online right? That is what you said. Correct that IS what I said but that is NOT what I meant. When you type SHOW USERS that shows every terminal that has someone successfully entered the system. It does NOT MEAN THEY ARE THERE. A neat and sneaky security trick that SOME(note not ALL Managers)Managers pull, is that they will log into the system and then freeze the terminal that they are on. This gives the IMPRESSION that the MANAGER is logged on and when in all actuallity she/he is NOT. Now do NOT think that this means that every time you log into a VAX and type SHOW USERS and see MANAGER, that you can go, well GOT said its a fake, I did NOT say its a fake, I am saying that it COULD BE A TRICK, and for all instances, the MANAGER could be a dummy account, while the REAL MANAGER is under a different Username. Just be DOUBLE carefull when you see a MANAGER Username. My own suggestion? Log Off IMMEDIATELY. Why take chances? $_What You Need To Know About SHOW SYSTEM $ SHOW SYSTEM VAX/VMS V5.3-2 on node NIA 7-SEP-1990 20:40:27.99 Uptime 0 00:58:55 Pid Process Name State Pri I/O CPU Page flts Ph.Mem 00000041 SWAPPER HIB 16 0 0 00:00:09.57 0 0 00000045 ERRFMT HIB 8 80 0 00:00:00.39 81 116 00000046 OPCOM HIB 8 35 0 00:00:00.32 206 76 00000047 JOB_CONTROL HIB 8 3501 0 00:00:07.89 178 333 00000048 CONFIGURE HIB 8 6 0 00:00:00.12 96 141 00000049 NETACP HIB 10 39 0 00:00:00.53 195 370 0000004A EVL HIB 6 50 0 00:00:00.71 1252 39 N 0000004B REMACP HIB 8 8 0 00:00:00.08 69 38 0000004C MDAEMON HIB 14 12881 0 00:00:15.03 2192 2419 0000004D MGARCOL HIB 9 154 0 00:00:00.88 938 838 0000004E MLOCK0 HIB 4 5 0 00:00:00.40 215 88 0000004F MLOCK1 HIB 4 5 0 00:00:00.41 217 90 00000050 MLOCK2 HIB 4 5 0 00:00:01.05 1817 1690 00000051 MLOCK3 HIB 4 5 0 00:00:01.21 2421 2297 00000052 MLOCK4 HIB 4 6 0 00:00:00.42 215 88 00000053 VAXSIMPLUS 1.1A HIB 8 30 0 00:00:00.26 211 140 000009D9 NIA COM 6 2566 0 00:01:24.07 2735 2181 000009A3 _VTA12: HIB 4 3627 0 00:00:26.76 2714 2164 00000931 _OPA0: LEF 6 2633 0 00:00:11.23 1880 1337 00000AF3 _TXA1: COM 4 9 0 00:00:00.10 122 137 00000AB5 FIELD CUR 7 93 0 00:00:00.86 438 326 000008B6 _VTA11: LEF 7 785 0 00:00:13.02 2410 1881 000004B7 MJB.%ZFRETRM 20 COM 4 771 0 00:03:01.77 2192 2056 00000AFA _TXA1: COM 6 16 0 00:00:00.16 173 211 0000067B _TXA1: LEF 9 26 0 00:00:00.23 199 230 $ $ $ LO FIELD logged out at 7-SEP-1990 20:42:52.00 Show system, shows EVERY single thing out there. Just to give you a quick idea: _VTA12: that is a Terminal _NIA that is a Node FIELD that is a Username in DCL _TXA1: that is a Device The rest are all system files and such. $_Stop Command, And Why It Can Be Fun... The last new command I am going to teach you is the STOP command. Listed below is the VAX HELP on STOP: Username:FIELD Password: Welcome to NETWORK INFORMATION ACCESS DATABASE ... VAX/VMS Version 5.3 Last interactive login on Friday, 7-SEP-1990 21:11 $ HELP STOP * STOP Parameters process-name Specifies the name of the process to be deleted. The process name can have from 1 to 15 alphanumeric characters. The specified process must have the same group number in its user identification code (UIC) as the current process. You cannot specify the process-name for a process outside of your group. To stop a process outside of your group, you must use the qualifier /IDENTIFICATION=pid. If you use the /IDENTIFICATION qualifier, the process name is ignored. If you include neither the process-name parameter nor the /IDENTIFICATION qualifier with the STOP command, the image executing in the current process is terminated. STOP Command_Qualifiers /IDENTIFICATION /IDENTIFICATION=pid Specifies the process identification code (PID) that the system has assigned to the process. When you create a process with the RUN command, the RUN command displays the process identification code of the newly created process. You can omit any leading zeros in specifying the PID. STOP Examples 1. $ RUN MYPROG . . . Interrupt $ STOP The RUN command begins executing the image MYPROG. Subsequently, CTRL/Y interrupts the execution. The STOP command then terminates the image. 2. $ @TESTALL . . . Interrupt $ STOP The @ (Execute Procedure) command executes the procedure TESTALL.COM. CTRL/Y interrupts the procedure. The STOP command returns control to the DCL command interpreter. 3. $ RUN/PROCESS_NAME=LIBRA LIBRA %RUN-S-PROC_ID, identification of created process is 0013340D . . . $ STOP LIBRA The RUN command creates a subprocess named LIBRA to execute the image LIBRA.EXE. Subsequently, the STOP command causes the image to exit and deletes the process. 4. $ ON ERROR THEN STOP . . . In a command procedure, the ON command establishes a default action when any error occurs in the execution of a command or program. The STOP command stops all command levels. If this ON command is executed in a command procedure which in turn is executed from within another procedure, control does not return to the outer procedure, but to DCL command level 0. STOP /CPU Stops the specified secondary processor or processors in a VMS multiprocessing system. The /CPU qualifier is required. Requires change mode to kernel (CMKRNL) privilege. Format: STOP/CPU [cpu-id,...] Additional information available: Parameter Qualifiers /ALL /OVERRIDE_CHECKS Examples STOP /QUEUE The STOP/QUEUE command causes the specified execution queue to pause. The /QUEUE qualifier is required. o Cause executing jobs in the specified output queue to be stopped (see /ABORT). o Cause executing jobs in the specified batch queue to be stopped (see /ENTRY). o Perform an orderly shutdown of the system job queue manager on the node from which the command is issued (see /MANAGER). o Cause the specified queue to stop after all executing jobs have completed processing (see /NEXT). o Cause the executing jobs in the specified queue to be stopped and requeues it for later processing (see /REQUEUE). o Abruptly stop the queue and return control to the system (see /RESET). Format: STOP/QUEUE queue-name[:] Additional information available: Parameters Examples /ABORT /ENTRY /MANAGER /NEXT /REQUEUE /RESET Topic? $ $ LO FIELD logged out at 7-SEP-1990 21:11:57.55 Now you must never start stopping Terminals (remember under Show System _VTA1:???), if you type the following command: STOP PROCESS/ID=8B6(return) You will in effect shut down the terminal. Thus, raising extreme panic modes on the person that is using process id 8b6 (could actually be the MANAGER under a false Username). Where did I get 8B6?? I got 8B6 from SHOW SYSTEM, that, if you recall shows every device, and if you look under the PROCESS ID column you will see where I pulled 8B6 from. When STOPping a process, you do NOT need to type in the entire PROCESS ID, which is 000008B6, all you needed is the last bit of information, or where it actually starts a number or letter. You CAN type the entire line out if you wish, but it saves time and increases speed to just type 8B6 instead of 000008B6. Now why did I tell you about the STOP command? Because if you start stopping PROCESS ID's you are going to raise some dangerous questions the next morning or that night. You can CRASH a system by stopping every device, and in particular, you can shut down NODES as well as MODEMS, TERMINALS, PRINTERS, etc... $_Conclusions Make a chart of what you are going to do, if you can create a text file and print it out, or work it into a program anything, just have something in front of you that you can read your commands off of. The format for any VAX operations are (after you logged in): SHOW USERS : To see if a MANAGER User name is online SHOW SYSTEM : For those interested in other Devices such as modems begin your process If a MANAGER Username is online QUICKLY type LO(return) that is a shortened way of typing LOG OUT. The more you know the system, and the more comfortable you are, the less likely you are to make mistakes, and remember the Golden Rules of Hacking as laid down in Phrack (no I'm not going to reprint them, get the issue yourself), follow them. $_END OF FILE [OTHER WORLD BBS]