The VT Hacker #3, by The Mad Hermit

Well, it’s time for yet another installment in Virginia Tech
hacking. Yes, it’s…. VTHACK #3!!!! Brought to you by the
Mad Hermit and crew. This time, we’re going to focus on the OTHER
big network on campus: LocalNet. LocalNet (L-Net) has been around
for a much longer period of time, and as such has quite a few more
caves and back alleys to explore. Its main purpose is to connect
the faculty and grad students directly to mainframes, and thus
much of what is found when poking around are login prompts. An
aggrivating factor that has been added to this is the inclusion of
“Port Servers” (PS’s). You know when you’ve hit a PS when L-Net
tells you you’ve connected, but no key that you press has any
effect. The purpose of a PS is to act as a deterrent to hackers.
It also might have the additional function of baud rate detection,
but though it sounds logical, we haven’t found out for sure. We
must admit that it does protect. The best way to keep system
crashers away is not to tell them what they’ve found through simple
redialing. This is a lot like keeping party crashers away by
saying that there’s a party going on at a certain place, but not
telling them who’s invited or who’s giving the bash. Effective for
the dim-witted, impatient, and amateur party crashers, but not for
others.
PS’s sit and stare out at you until you start sending it
characters. If the first few aren’t the specific ones it’s looking
for, it will continue to gobble up everything else until you give
up and hang up. Typical PS “codes” are easy-to-remember sequences
like ‘ZZ’ or ‘ASDF’, and they then pass you on to the main login
prompt. These “codes” aren’t like passwords, since the added
access they give you isn’t worth beans unless you’ve got a line on
where to go from the login prompt. However, we here feel that
information like that is in fact “restricted” in that you are
gaining unauthorized additional access to systems. As such, we’ve
decided to leave the fun of figuring them out to those interested
in such weekend diversiions.
Before we give you what you’re probably waiting for: neato
numbers to call on L-Net, we’d like to explain stuff. First, this
isn’t a complete list, nor could it really be. L-Net addresses are
in Hexidecimal and range from 0000 to FFFF. That’s 65536 different
possibilities. We only went through ten thousand of these, and are
only listing those that got any response. Second, L-Net addresses
may connect to any number of ports, but we haven’t seen any more
than 4 or 5. Thus, the total possible connections assuming an
average of 2 ports per connection and an average of about 15
connections per thousand addresses comes to just under 2000.
Assuming this is correct (very doubtful), finding where these are
is quite a task. Third, and on the positive side, some connections
open up large worlds of access. These unpassworded gateways are
known as servers, and typically are DECservers. The biggest and
most notorious is listed at 0358 and can handle a max of 128 users.
You can use these servers to connect to multiple computers at once,
and have extensive help files telling you what to do. Fourth, and
also on the plus side, L-Net doesn’t kick you off. Ever. Multiple
redialing is the name of the game, and listed below is a Red Ryder
script that works under version 9.4 that dials consecutive integers
at a rate of about 40 a minute. Fifth and finally, bum connections
don’t just leave you in the cold. Hitting CONTROL-A twice pops you
immediately into local mode, where a STATUS tells you where you are
connected, and a “DONE X” will disconnect you from session number
X. Calling, by the way, is done by typing “CALL XXXX[,P]” where
XXXX is the hex address, and P is the optional port number, which
is seperated by a comma.

Red Ryder 9.4 Local-Net Scanner Script.

COPYINTO ~8,ENTER NUMBER TO START AT
(GET1)
QUERY1 ~1
EMPTY ~1
IF YES JUMPTO (GET1)
LET EQUAL `1,~1
LET EQUAL `3,`1
COPYINTO ~8,ENTER LENGTH OF SEARCH
(GET2)
QUERY1 ~2
EMPTY ~2
IF YES JUMPTO (GET2)
LET EQUAL `2,~2
ADD `3,`2
COPYINTO ~3,`3
SUBTRACT `1,1
(NEXT)
ADD `1,1
TEST `1=~3
IF YES JUMPTO (QUIT)
TYPE Call
TYPE `1
TYPE ^M
ALERT1 UNIT/JUMPTO (NEXT)
ALERT2 BUSY/JUMPTO (NEXT)
PANICAFTER 10
PROMPT CONNECTED
PAUSE
BELL
BELL
BELL
BELL
JUMPTO (QUIT)
(QUIT)
END

And here’s what our illustrious, untiring crew have discovered:

Node Port# What
—- —– —-
0008 1
0074 0,1 VTME (Mechanical Engineering)
0116 0,1
0124 0,1
0126 0,1
000A 1
000B 0,1
000C 0,1
000E 0,1
00FF 0,1
0170 0,1
0175 0,1 Popeye (Computer Science)
0350 0 VTCC1
0351 0,1 ” ”
0352 0,1 ” ”
0354 0,1 ” ”
0355 1 ” ”
0356 0,1 ” ”
0357 0,1 ” ”
0358 0,1 DECServer 500
0359 0,1 DECServer 500 (same as above, different port bank)
0400 0,1 VTME (again)
0401 0,1 ” ” ”
0402 0,1 ” ” ”
0403 0,1
0404 0,1 VTME (yet again)
0405 0 ” ” ” ”
0450 0,1 DECServers (see note 3)
0451 0,1 ” ” ”
0452 0,1 ” ” ”
0453 0,1 ” ” ”
0454 0,1 ” ” ”
0455 0,1 ” ” ”
0536 0,1
600-601 “Remote Ports Busy”
603-607 “Remote Ports Busy”
1010 0,1
1100-1103 “Remote Ports Busy”
1300 0 VTVM1
5100 1 VTVM1
5300 0,1
5500-5503 “Remote Ports Busy”
5510 0,1
5512 0,1
5514 0,1
5516 0,1
5518 1
5530 0,1
5534 0,1
5536 0,1
5548 0,1
5548 0,1
5550 0,1
5552 0,1
5554 0
6000 1
6002 0 Node[20] (see note 1)
6003 0,1
6100-6103 “Remote Ports Busy”
6200 1 Node[2] (see note 2)
6230-6231 “Remote Ports Busy”
6300 0,1
6301 0,1
6302 0,1 Node[2] (see note 2)
6303 0
6410 1
6414 0
6419 1
6420 1
6428 0,1
6429 1
6433 0
6437 1
643A 1
643B 0
6502 0 VTVMS
6503 0 ” ”
6504 0 ” ”
6505 0 ” ”
6506 0 ” ”
6507 0 ” ”
6508 0 ” ”
6509 0 ” ”
8001 1
8002 0
8003 0
8004 0,1
8005 0
8006 1
8007 1
8008 0
8009 0
8080 0,1
9000-9016 “Remote Ports Busy”
9018-9019 “Remote Ports Busy”
9302 0
9300 0,1,2,3,4

Notes:
——
1) Node[20], popularly known as the Node Router, went out of
services shortly after VTHacker #2 was distributed. Apologies
are NOT extended to those who assumed that the list in VTHack2
was gospel. Things change all the time, and those things that
are especially good tend to go away. Apparently, number 40062
was used by CNS’s chief diagnostician as a way to test the VA
Council of Higher Education’s access to the Net and L-Net.
Poking around there was terminated, but our scan of L-Net turned
up another way in…

2) If you wondered why the Node Router was labelled “20” (really,
what happened to the other 19?), then this might clear things up.
The following connections were observed:
Node What
—- —-
0 Passworded
1 L-Net
3 the Net
5 Passworded
6 Passworded
9 Dead End
10 Dead End
12 L-Net
20 Restricted (*)

*) This did connect you to a really screwed up L-Net port, which
continually spewed out garbage and error messages, but we think
our poking around in it got it shut off, due to the incredible
quickness with which it was restricted (we were still on-line!)

3) Ah, what a joy it is to explore, and find a pristine cavern
laden with sweet delight, and a menu to boot! Well, what I’m
talking about is BAMBI and THUMPR, two side-by-side DECServers.
Calling the listed numbers with port 0 gets you BAMBI, and using
port 1 gets you THUMPR. In our experience, nobody has ever been
dumped for staying on too long, and though the computers you can
connect to aren’t all that interesting (all Mechanical Engineering)
the services and privileges allowed to ordinary users is about
as generous as possible. The listings that follow are vebatim
text sent by the servers, and we think that you’ll be able to
figure out what’s going on.

DECserver 200 Terminal Server V2.0 (BL29) – LAT V5.1
AMDF Network – Server BAMBI

Please type HELP if you need assistance
Enter username> Jack Meoff

Local> show nodes all

Node Name Status Identification

BAMBI Reachable AMDF Network – Server BAMBI
BERT Reachable AMDF VAXstation I (VMS 4.2)
ERNIE Reachable AMDF VAXstation I (VMS 4.2)
POOH Reachable AMDF MicroVAX II (VMS 4.6)
SPOCK Reachable ZONIC Lab VAXstation 2000 (VMS 4.6)
SULU Unreachable AMDF Cluster VAXstation 2000 (Color)
THUMPR Reachable AMDF Network – Server THUMPR
UHURA Unreachable AMDF Cluster VAXstation 2000 (B & W)
VTME Reachable ME VAX 11/780 (VMS 4.4)
VTMEX Reachable AMDF Cluster VAXserver 3600 (VMS 4.7)

Local> show ports all

Port Access Status Services Offered

1 Dynamic Idle ��
2 Dynamic Idle ��
3 Dynamic Local mode ��
4 Dynamic Idle ��
5 Dynamic Idle ��
6 Dynamic Idle ��
7 Dynamic Idle VTLAN��
8 Dynamic Idle VTLAN�

Local> help

HELP

The online HELP facility allows you to access reference and tutorial information about the DECserver 200. Choose one of the following options:

o Enter TUTORIAL to see a succession of HELP frames with “getting
started” information on basic DECserver functions (for beginners)

o Enter HELP for full information on how to use the HELP facility

o Choose a HELP topic from the following list:

BACKWARDS FORWARDS RESUME
BROADCAST HELP SET
CONNECT LIST SHOW
DEFINE LOCK TEST
DISCONNECT LOGOUT

Topic? list

LIST

Use the LIST command to display information from the permanent database.

LIST option

The option value is a topic about which you need information.

Additional HELP is available for the LIST options:

PORTS SERVER SERVICES

LIST Subtopic? server

SHOW/LIST SERVER

Use the SHOW SERVER command to display information about the current
operational state of the server. Use LIST SERVER to show values for the
permanent server characteristics.

Command formats:

SHOW SERVER [CHARACTERISTICS]
[COUNTERS ]
[STATUS ]
[SUMMARY ]

LIST SERVER [CHARACTERISTICS]
[SUMMARY ]

The default option for SHOW/LIST SERVER is CHARACTERISTICS.

Additional help available for:

CHARACTERISTICS COUNTERS STATUS SUMMARY

SHOW/LIST SERVER Subtopic?

LIST Subtopic?

Topic? show

SHOW

Use SHOW commands to display current status or information from the server’s
operational database.

SHOW option

The option value is the topic about which you need information.

Additional HELP is available for the SHOW options:

NODES PORTS QUEUE SERVER SERVICES SESSIONS USERS

SHOW Subtopic?

Topic?

Local> show server

DECserver 200 V2.0 BL29 LAT V5.1 ROM BL20 Uptime: 6 08:14:20

Address: 08-00-2B-0B-C4-EA Name: BAMBI Number: 0

Identification: AMDF Network – Server BAMBI

Circuit Timer: 80 Password Limit: 3
Console Port: 1 Queue Limit: 24
Inactivity Timer: 30 Retransmit Limit: 8
Keepalive Timer: 20 Session Limit: 64
Multicast Timer: 30 Software: PR0801ENG
Node Limit: 100

Service Groups: 0�

Enabled Characteristics:

Announcements, Broadcast, Dump�

Local> help

Topic? tutorial

TUTORIAL HELP

LOGGING INTO THE DECSERVER
To login to the DECserver you may be required by your server manager to enter a login password. If you are not required to do so, go on to the next screen. If you are, here are the steps to take to log in.

1 Press twice; a number sign (#) appears along with an audible “beep”.

2 Enter the login password. (You get the password from your server manager.)
For example, to log in with the password A1B2C3…

enter twice

# A1B2C3 type the password (which is not echoed)

3 If you make a mistake, the prompt reappears (and the “beep”) to let you try again. You have several chances to enter the correct password.

4 If you use a dial-in modem, you have 60 seconds to respond to the # prompt with the correct password. If you don’t, the server disconnects your modem.

If you do not need to enter a login password, press twice to log into
your DECserver.

When you log in, an introductory line of text appears…

DECserver 200 Terminal Server V1.0 (BL20) – LAT V5.1

If your port does not have a permanent username defined, enter your name (1 to
16 keyboard characters) after the following text appears…

Please type HELP if you need assistance

Enter username>

The Local> prompt appears after you type your username.

If your port does have a permanent username, here’s what you see…

Please type HELP if you need assistance

Local>


USING ONLINE HELP
Online help is documentation about DECserver commands that is
stored in server memory. You can see this documentation
interactively on your terminal while you are using the DECserver. The HELP command gives you access to online help. You
can use it in two ways:

You can type HELP at the Local> prompt…

Local> HELP

This generates a succession of HELP “frames”, “menus”, and prompts.
Frames are made up of the information that can fit on one or more
terminal screens. Menus are lists of topics you can choose from.

Alternatively, you can specify topics and subtopics when you
enter the HELP command. For example…

Local> HELP SET PORT

This command produces online documentation that describes the SET
PORT command.


SOME DEFINITIONS
The primary function of the DECserver is to allow you to connect to “services” offered on your network. A service can be a computer system that you can use just as though your terminal were attached directly to the system, or it can be a function offered by such a system. In addition, services can be set-up to
allow access to printers, dial-out modems, personal computers and terminal switches. To connect to a service, you only need to know the service name.

A “service node” is a computer system or server that offers services.

A “session” is a connection to a service. You can have one or more simultaneous sessions with one service, or more than one service. The connection you are using at any one time is called your “current session”. Your other sessions are inactive, but can be resumed by using server commands or session switches.

“Service mode” is your environment when you interact with a service. For example, if the service is a computer system, your environment is the same as a terminal directly wired to the system. You can all use the system’s commands and resources.

“Local mode” is your environment when you interact with the DECserver using commands entered at the Local> prompt.


CONNECTING TO A SERVICE
Use the local mode SHOW SERVICES command to display a list of services you can use.

Local> SHOW SERVICES

To connect to a service (establish a session with the service) enter the DECserver CONNECT command with the name of the service you want. For example, for a service called SALES, enter the following command:

Local> CONNECT SALES

This command places you in service mode in an active session with the service SALES.

RETURNING TO LOCAL MODE FROM A SERVICE SESSION
To return to local mode without ending your session, press or press your local switch character. Both these characters are, in effect, DECserver commands that instruct the server to go back to local mode.

The character must be set up to permit this (by default it is), and the local switch character must be defined (by default it is not).

Use the HELP command for more details on setting up the character and local switch character.

NOTE

Some modems interprets the character as a command to end
your dial-in connection. If you are using one of these modems,
do not use to return to local mode.

Your session, now inactive, is still your current session because
it is the session your were using most recently.

RESUMING YOUR SERVICE SESSION FROM LOCAL MODE
To resume your current session (and service mode) while your are in local mode, enter the DECserver RESUME command.

Local> RESUME

You go back to where you left off when before returning to local mode.

DISCONNECTING FROM A SERVICE
To end your current session while in service mode, use the command that terminates whatever process you are using. For example, you can terminate a session on a VAX/VMS system by typing the VMS LOGOUT command. Refer to the documentation for the service node that offers the service.

To end your current session while in local mode, enter the DECserver DISCONNECT command.

Local> DISCONNECT

You cannot resume a service session after you end the connection with DISCONNECT.

CONNECTING TO A SECOND SERVICE
The DECserver allows you to have several sessions at one time, to the same or to different services. To connect to a second (or subsequent) service, simply enter another CONNECT command from local mode, specifying the name of the service. For example, to connect to the service PRODUCTION, enter the following command:

Local> CONNECT PRODUCTION

To resume one of your non-current sessions, use the FORWARDS command to switch to your next session, or the BACKWARDS command to switch to your previous session. Alternatively, you can use the RESUME command and specify the session
number. You can find this number from the SHOW SESSIONS display:

Local> RESUME SESSION 2

To disconnect a particular session, use the DISCONNECT command and specify the session number. For example:

Local> DISCONNECT SESSION 1

LOGGING OUT OF THE DECSERVER
To logout from the DECserver, enter the DECserver LOGOUT command (in local mode).

Local> LOGOUT

LOGOUT disconnects all sessions. A DECserver message appears verifying the logout.

The next batch of stuff comes from DECServer 500:

Local> show users

Port Username Status Service

5 LC-1-5 Connected VTCC1
6 LC-1-6 Connected VTCC1
7 LC-1-7 Connected VTCC1
8 LC-1-8 Connected VTCC1
34 LC-3-2 Connected VTCC1
53 LC-4-5 Local Mode
67 LC-5-3 Connected VTCC1

Local> show devices all

Device Device Port Device CSR Vector Total
Slot Name Type List Status Address Address Errors

1 CONSOLE DL 0 Running 177560 60 1
2 NETWORK DEQNA Running 174440 120 37
3 LC-1 CXY08 1-8 Running 160440 310 2
4 LC-2 CXY08 17-24 Running 160460 320 0
5 LC-3 CXY08 33-40 Running 160500 330 1
6 LC-4 CXY08 49-56 Running 160520 340 0
7 LC-5 CXY08 65-72 Running 160540 350 0
8 LC-6 CXY08 81-88 Running 160560 360 0
9 LC-7 CXY08 97-104 Running 160600 370 5085
10 LC-8 CXY08 113-120Running 160620 400 15

Local> show server

DECserver 500 V1.0 LAT V5.1 ROM V1.0.2 Uptime: 12 7:18:36
Address: 08-00-2B-0A-10-63 Name: CCSRV2 Number: 22
Identification:
Circuit Timer: 80
Password Limit: 3
Inactivity Timer: 2
Queue Limit: 8
Keepalive Timer: 20
Retransmit Limit: 10
Multicast Timer: 60
Session Limit: 256
Node Limit: 100
Service Groups: 0

Backup Hosts: None
Enabled Characteristics:
Announcements

Local> show services all

Service Name Status Identification

DCSSVX Unavailable VT CC DCSS VS2000 Ultrix 2.2/UNIX
DSW Unavailable VT CNS dataswitch
GOLEM Unavailable VT Mathematics VAXstation I VMS – Node
LAN Unavailable VT CNS LocalNet
MTHOPR Unavailable VT Mathematics VAXstation I VMS – Node
MTHSUN Unavailable VT Mathematics Sun 3/50 – MTHSUN
MTHUNH Unavailable VT Mathematics VS2000 Ultrix 2.2 – Node
MTHUNX Unavailable VT Mathematics VS2000 Ultrix 2.2 – Node
NFNITY Unavailable VT Mathematics VS2000 VMS – Node NFNITY
POPEYE Unavailable Systems Research Center VAX-11/785 SVR2/
QUANTM Unavailable VT Mathematics VS2000 Ultrix 2.2 – Node
VTAGE1 Unavailable Ag. Engineering MicroVAX II / MicroVMS V
VTCC1 6 Connected TechCluster – Node VTCC1
VTCPE1 Unavailable VT EE Department VS2000 Ultrix 2.2/UNIX
VTCPE2 Unavailable VT EE Department VS2000 Ultrix 2.2/UNIX
VTCPE3 Unavailable VT EE Department VS2000 Ultrix 2.2/UNIX
VTCPE4 Unavailable VT EE Department VS3200 Ultrix 2.2/UNIX
VTCS1 Unavailable Va Tech CS Lab: VMS Service
VTDAL3 Unavailable VT EE Department VS2000 Ultrix 2.0/UNIX
VTDAL4 Unavailable VT EE DAL VS3200 Ultrix 2.2/Unix
VTDAL5 Unavailable VT EE DAL VS3200 Ultrix 2.2/UNIX
VTDAL6 Unavailable VT EE DAL VS3200 Ultrix 2.2/Unix
VTHCL Unavailable Va Tech Human/Computer Interface Lab
VTMAP Unavailable CE-Geography SDA Lab -Node VTMAP – Micro
VTMATH Available TechCluster – Node VTCC1
VTMILO Unavailable Human/Computer Lab – VAXStation II
VTODIE Unavailable VT CS Department MicroVax 2000 Ultrix 2.0
VTSDA Unavailable Spatial Data Analysis Lab – Vax 11/785
VTUNIX Available VT CC VAX 11/785 Ultrix 2.2/UNIX
VTYR Unavailable VT Mathematics VS2000 VMS – Node VTYR
XPRT549 Unavailable Fifth floor printer

Local> show ports all

Port Access Status Local Services

1 Local Idle
2 Local Idle
3 Local Idle
4 Local Idle
5 Local Connected
6 Local Connected
7 Local Connected
8 Local Connected
9 Local Offline
10 Local Offline
11 Local Offline
12 Local Offline
13 Local Offline
14 Local Offline
15 Local Offline
16 Local Offline
17 Local Idle
18 Local Idle
19 Local Idle
20 Local Idle
21 Local Local mode
22 Local Idle
23 Local Idle
24 Local Idle
25 Local Offline
26 Local Offline
27 Local Offline
28 Local Offline
29 Local Offline
30 Local Offline
31 Local Offline
32 Local Offline
33 Local Idle
34 Local Connected
35 Local Idle
36 Local Idle
37 Local Idle
38 Local Idle
39 Local Idle
40 Local Idle
41 Local Offline
42 Local Offline
43 Local Offline
44 Local Offline
45 Local Offline
46 Local Offline
47 Local Offline
48 Local Offline
49 Local Idle
50 Local Idle
51 Local Idle
52 Local Idle
53 Local Idle
54 Local Idle
55 Local Idle
56 Local Idle
57 Local Offline
58 Local Offline
59 Local Offline
60 Local Offline
61 Local Offline
62 Local Offline
63 Local Offline
64 Local Offline
65 Local Idle
66 Local Idle
67 Local Connected
68 Local Idle
69 Local Idle
70 Local Idle
71 Local Idle
72 Local Idle
73 Local Offline
74 Local Offline
75 Local Offline
76 Local Offline
77 Local Offline
78 Local Offline
79 Local Offline
80 Local Offline
81 Local Idle
82 Local Idle ������������������������������������
83 Local Idle
84 Local Idle
85 Local Idle
86 Local Idle
87 Local Idle
88 Local Idle
89 Local Offline
90 Local Offline
91 Local Offline
92 Local Offline
93 Local Offline
94 Local Offline
95 Local Offline
96 Local Offline
97 Local Idle
98 Local Idle
99 Local Idle
100 Local Idle
101 Local Idle
102 Local Idle
103 Local Idle
104 Local Idle
105 Local Offline
106 Local Offline
107 Local Offline
108 Local Offline
109 Local Offline
110 Local Offline
111 Local ���Offline
112 Local Offline
113 Local Idle
114 Local Idle
115 Local Idle
116 Local Idle
117 Local Idle
118 Local Idle
119 Local Idle
120 Local Idle
121 Local Offline
122 Local Offline
123 Local Offline
124 Local Offline
125 Local Offline
126 Local Offline
127 Local Offline
128 Local Offline

Enough stuff, huh? Well, we’ve got MORE news. If you’re going to
poke around L-Net, the following numbers into L-Net have been known
to be dead (i.e. CONNECTED, but no response): 40499, 40507, 40482.

And here’s an update on VTHack #2’s list of Net numbers:
40600-40615 No Answer
40625-40656 Originate Only
40657 Not Accessable
40658 No Answer
40659-40686 Not a Dataline
40687 No Answer
40688-40690 Not Accessable
40691 1200 baud line
40692 No Answer
40693-40699 Not a Dataline

40700-40723 Connection Failed
40724 No Answer
40725-40799 VM/XA VT

40800-40817 VM/XA VT
40818-40833 Originate Only
40834-40837 Not Accessable
40838-40839 Originate Only
40840-40899 Not a Dataline

40900-40999 Not a Dataline

And what about the other 55 thousand L-Net addresses we didn’t try?
Hey, why don’t YOU try them, and then share the news…? We’re
already moving on to brighter futures in hacking, so stay tuned on
your local BBS or pass-the-disk network for: VTHacker #4 – Viruses,
reader response, Telenet, and more updates on previous info…

Downloaded From P-80 Systems 304-744-2253

An Overview of Telenet by Man Max

Telenet

It seems that not many of you know that Telenet is connected to about 80
computer-networks in the world. No, I don’t mean 80 nodes, but 80 networks with
thousands of unprotected computers. When you call your local Telenet- gateway,
you can only call those computers which accept reverse-charging- calls.
If you want to call computers in foreign countries or computers in USA which
do not accept R-calls, you need a Telenet-ID. Did you ever notice that you can
type ID XXXX when being connected to Telenet? You are then asked for the
password. If you have such a NUI (Network-User-ID) you can call nearly every
host connected to any computer-network in the world. Here are some examples:

026245400090184 :Is a VAX in Germany (Username: DATEXP and leave mail for
CHRIS !!!)
0311050500061 :Is the Los Alamos Integrated computing network (One of the
hosts connected to it is the DNA (Defense Nuclear Agency)!!!)
0530197000016 :Is a BBS in New Zealand
024050256 :Is the S-E-Bank in Stockholm, Sweden (Login as GAMES !!!)
02284681140541 :CERN in Geneva in Switzerland (one of the biggest nuclear
research centers in the world) Login as GUEST
0234212301161 :A Videotex-standard system. Type OPTEL to get in and use the
ID 999_ with the password 9_
0242211000001 :University of Oslo in Norway (Type LOGIN 17,17 to play the
Multi-User-Dungeon !)
0425130000215 :Something like ITT Dialcom, but this one is in Israel ! ID
HELP with password HELP works fine with security level 3
0310600584401 :Is the Washington Post News Service via Tymnet (Yes, Tymnet is
connected to Telenet, too !) ID and Password is: PETER You can read the news
of the next day !

The prefixes are as follows:
02624 is Datex-P in Germany
02342 is PSS in England
03110 is Telenet in USA
03106 is Tymnet in USA
02405 is Telepak in Sweden
04251 is Isranet in Israel
02080 is Transpac in France
02284 is Telepac in Switzerland
02724 is Eirpac in Ireland
02704 is Luxpac in Luxembourg
05252 is Telepac in Singapore
04408 is Venus-P in Japan
…and so on… Some of the countries have more than one
packet-switching-network (USA has 11, Canada has 3, etc).

OK. That should be enough for the moment. As you see most of the passwords are
very simple. This is because they must not have any fear of hackers. Only a few
German hackers use these networks. Most of the computers are absolutely easy to
hack !!! So, try to find out some Telenet-ID’s and leave them here. If you need
more numbers, leave e-mail.
I’m calling from Germany via the German Datex-P network, which is similar to
Telenet. We have a lot of those NUI’s for the German network, but none for a
special Tymnet-outdial-computer in USA, which connects me to any phone #.

CUL8R, Mad Max

PS: Call 026245621040000 and type ID INF300 with password DATACOM to get more

Telecom Computer Security Bulletin: DEC Terminal Server Basics by Mad Hacker (September 10, 1988)

_______________________________________________________________________________

DEC Terminal Server Basics
Written by Mad Hacker {the original} on 09/10/88

A Telecom Computer Security Bulletin File
Volume One, Number 1, File 11 of 12
_______________________________________________________________________________

This is the A B C’s of using a DEC terminal server. A DEC terminal server can
be quite a handy thing if you know a few of it’s basic commands. Ok enough
said, time to log in….

LOGGING INTO THE DECSERVER:

To login to the DECserver you may be required to enter a login password. But
to tell the truth, most DECservers are not password protected. It seems that
most people don’t think of a DECserver as a possible weak link in their
security. I guess they feel that the server is not a computer and so it is not
a thing that needs to be protected. This is a very serious mistake! Many
computer systems have been compromised by the lax security of the external
devices hooked to them, in this case, the DECserver.

If you need to log in, this is how to do it.

1. Press twice; a number sign (#) appears along with an audible beep.

2. Enter the login password. For example, to log in with the password HACKER

enter twice

# HACKER type the password (which is not echoed)

3. If you make a mistake, the prompt reappears (and the “beep”) to let you
try again. You have several chances to enter the correct password.

4. If you use a dial-in modem, you have 60 seconds to respond to the #
prompt with the correct password. If you don’t, the server disconnects
your modem.

If you do not need to enter a login password, {that is how most are setup},
just press twice and you are in.

When you log in, an introductory line of text appears…

DECserver 200 Terminal Server V1.0 – LAT V5.1

If your port does not have a permanent username defined, enter your name (1 to
16 keyboard characters) after the following text appears…

Please type HELP if you need assistance

Enter username> MAD_HACKER

The Local> prompt appears after you type your username.

If your port does have a permanent username, here’s what you see…

Please type HELP if you need assistance

Local>

USING ONLINE HELP:

Online help is documentation about DECserver commands that is stored in server
memory. You can see this documentation interactively on your terminal while
you are using the DECserver. The HELP command gives you access to online help.
You can use it in one of two ways:

You can type HELP at the Local> prompt…

Local> HELP

This generates a succession of HELP “frames”, “menus”, and prompts. Frames
are made up of the information that can fit on one or more terminal screens.
Menus are lists of topics you can choose from.

Alternatively, you can specify topics and subtopics when you enter the HELP
command. For example…

Local> HELP SET PORT

This command produces online documentation that describes the SET PORT command.

SOME DEFINITIONS:

The primary function of the DECserver is to allow you to connect to “services”
offered on your network. A service can be a computer system that you can use
just as though your terminal were attached directly to the system, or it can
be a function offered by such a system. In addition, services can be set-up
to allow access to printers, out-dial modems, personal computers and terminal
switches. To connect to a service, you only need to know the service name.
_______________________________________________________________________________

A NOTE ABOUT OUT-DIALS CONNECTED TO A DECserver:

When an outdial modem is put on the DECserver and some local hacks find
it, well you get the picture…..the company that own’s it will often get
a 100-500 page bill from the phone company. After that happens, the company
that is the proud owner of a $5000.00 phone bill will often decide to
password protect the DECserver. On the other hand, the out-dial may be run
off a flat rate SPRINT or WATS line. If that is the case the out-dial will
live a long and non-password protected life… 🙂
_______________________________________________________________________________

DEFINITIONS CONTINUED:

A “service node” is a computer system or server that offers services.

A “session” is a connection to a service. You can have one or more simul-
taneous sessions with one service, or more than one service. The connection
you are using at any one time is called your “current session”. Your other
sessions are inactive, but can be resumed by using server commands or session
switches.

“Service mode” is your environment when you interact with a service. For
example, if the service is a computer system, your environment is the same as a
terminal directly wired to the system. You can all use the system’s commands
and resources.

“Local mode” is your environment when you interact with the DECserver
using commands entered at the Local> prompt.

CONNECTING TO A SERVICE:

Use the local mode SHOW SERVICES command to display a list of services you can
use.

Local> SHOW SERVICES

To connect to a service (establish a session with the service) enter the
DECserver CONNECT command with the name of the service you want. For example,
for a service called MEGA-SYSTEM, enter the following command:

Local> CONNECT MEGA-SYSTEM

This command places you in service mode in an active session with the service
MEGA-SYSTEM. In this case, MEGA-SYSTEM is a CRAY with 200 GIG on-line.

RETURNING TO LOCAL MODE FROM A SERVICE SESSION:

To return to local mode without ending your session, press or press
your local switch character. Both these characters are, in effect, DECserver
commands that instruct the server to go back to local mode.

The character must be set up to permit this (by default it is), and
the local switch character must be defined (by default it is not).

Use the HELP command for more details on setting up the character and
local switch character.

*** NOTE ***

Some modems interprets the character as a command to end
your dial-in connection. If you are using one of these modems,
do not use to return to local mode.

Your session, now inactive, is still your current session because it is the
session your were using most recently.

RESUMING YOUR SERVICE SESSION FROM LOCAL MODE:

To resume your current session (and service mode) while your are in local
mode, enter the DECserver RESUME command.

Local> RESUME

You go back to where you left off when before returning to local mode.

DISCONNECTING FROM A SERVICE:

To end your current session while in service mode, use the command that
terminates whatever process you are using. For example, you can terminate a
session on a VAX/VMS system by typing the VMS LOGOUT command. Refer to the
documentation for the service node that offers the service.

To end your current session while in local mode, enter the DECserver DISCONNECT
command.

Local> DISCONNECT

You cannot resume a service session after you end the connection with
DISCONNECT.

CONNECTING TO A SECOND SERVICE:

The DECserver allows you to have several sessions at one time, to the same or
to different services. To connect to a second (or subsequent) service, simply
enter another CONNECT command from local mode, specifying the name of the
service. For example, to connect to the service OUT-DIAL, enter the following
command:

Local> CONNECT OUT-DIAL

To resume one of your non-current sessions, use the FORWARDS command to switch
to your next session, or the BACKWARDS command to switch to your previous
session. Alternatively, you can use the RESUME command and specify the session
number. You can find this number from the SHOW SESSIONS display:

Local> RESUME SESSION 2

To disconnect a particular session, use the DISCONNECT command and specify the
session number. For example:

Local> DISCONNECT SESSION 1

LOGGING OUT OF THE DECSERVER:

To logout from the DECserver, enter the DECserver LOGOUT command (in local
mode).

Local> LOGOUT

LOGOUT disconnects all sessions. A DECserver message appears verifying the
logout.

Well that is about it for now. There are a number of other nice commands but
you should be able to find your way around now. Happy Hack’n….

_______________________________________________________________________________
$ 

The use of a DECserver (Documentation) By the Chief of Swedish Hackers Association

——————————————————————————–

x\x\x\x\x\x\x\x\x\x\x\x\x\x\x\x\x\
THE USE OF A DECSERVER
DOCUMENTATION BY THE CHIEF
FOR SWEDISH HACKERS ASSOCIATION
S.H.A. AND I.H.A. FILE #7
FEBRUARY 1990
x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/

——————————————————————————–

LOGGING INTO THE DECSERVER

1 Press twice; a number sign (#) appears along with an audible “beep”.

2 Enter the login password. (You get the password from your server manager.)
For example, to log in with the password A1B2C3…

* If you use a dial-in modem, you have 60 seconds to respond to the # prompt
with the correct password. If you don’t, the server disconnects your modem.

When you log in, an introductory line of text appears…

DECserver 200 Terminal Server V1.0 (BL20) – LAT V5.1
——————————————————————————–
Please type HELP if you need assistance

Enter username>

The Local> prompt appears after you type your username.

If your port does have a permanent username, here’s what you see…

Please type HELP if you need assistance

Local>
——————————————————————————–

Local> HELP :gives you a number of different HELP-topics

Local> HELP SET PORT :gives online documentation to the SET PORT command

Local> SHOW SERVICES :gives a list of the SERVICES available

Local> CONNECT SALES :connects you with the SERVICE named “SALES”

Local> RESUME :returns to the LAST SERVICE used by the user

Local> DISCONNECT :disconnects you from a service (RESUME do not work)

Local> CONNECT EXTRA :connects you with the SERVICE named “EXTRA”.
:you can be connected to several SERVICES at the
:same time.

Local> FORWARDS :to resume one of your non-current sessions.
:if you have more than one at the same time.
:this command moves you to the NEXT SERVICE.

Local> BACKWARDS :to resume one of your non-current sessions.
:if you have more than one at the same time.
:this command moves you to the PREVIOUS SERVICE.

Local> RESUME SESSION 2 :alternat command to FORWARDS or BACKWARDS

Local> DISCONNECT SESSION 1 :to DISCONNECT you from a SERVICE you are currently
:CONNECTED to by using the SESSION-NUMBER.

Local> LOGOUT :LOGOUT disconnects all sessions and cuts the line

Local> SH :SH or SHOW is used to SHOW specific items or
:SERVICES or USERS or whatever you want to see.

Local> SH USER :shows the user(s) status and whereabouts

Local> SH PORT :shows the PORT, you are connected to, -status

Local> LIST PORT :shows the PORT, you are connected to, -status

Local> LOCK PORT# :used to LOCK a PORT to refuse users logging on.
:no-one can use it, when it’s locked, even
:you are locked out (if you log off without
:unlocking the port, that is).

Local> HELP COMMAND

These commands you can get HELP on:
——————————————————————————–
BACKWARDS FORWARDS RESUME
BROADCAST HELP SET
CONNECT LIST SHOW
DEFINE LOCK TEST
DISCONNECT LOGOUT
——————————————————————————–

Local> HELP LIST

LIST
——————————————————————————–
Use the LIST command to display information from the permanent database.

LIST option

The option value is a topic about which you need information.

Additional HELP is available for the LIST options:

PORTS SERVER SERVICES

LIST Subtopic? server
SHOW/LIST SERVER

Use the SHOW SERVER command to display information about the current
operational state of the server. Use LIST SERVER to show values for the
permanent server characteristics.

Command formats:

SHOW SERVER CHARACTERISTICS
COUNTERS
STATUS
SUMMARY

LIST SERVER CHARACTERISTICS
SUMMARY

The default option for SHOW/LIST SERVER is CHARACTERISTICS.

Additional help available for:

CHARACTERISTICS COUNTERS STATUS SUMMARY

SHOW/LIST SERVER Subtopic? status
SHOW/LIST SERVER CHARACTERISTICS/COUNTERS/STATUS/SUMMARY

CHARACTERISTICS generates a display of the current values for the server
characteristics.

COUNTERS presents a listing in two parts. The top listing displays the server
Ethernet counters; the lower listing displays the server LAT network counters.

STATUS produces a summary of server utilization for the uptime period noted in
the display.

SUMMARY generates identification data for the server and a list of the service
groups for its ports.
——————————————————————————–

——————————————————————————–
x\x\x\x\x\x\x\x\x\x\x\x\ EXAMPLES /x/x/x/x/x/x/x/x/x/x/x/x
——————————————————————————–

EXAMPLE: Local> SH USER
——————————————————————————–
Port Username Status Service

3 Steve X Local mode
——————————————————————————–
The “PORT” is the place the USER is connected to. Port 3 in this case is a modem
The “USERNAME” is the name of the user.
The “STATUS” tells you what the user is doing, or where he/she is.
The “SERVICE” tells you if a user is connected to a service and if he/she is,
the name of the service.
——————————————————————————–

EXAMPLE: Local> SH PORT
——————————————————————————–
Port 3: Steve X

Character Size: 8 Input Speed: 2400
Flow Control: XON Output Speed: 2400
Parity: None Modem Control: Enabled

Access: Dynamic Local Switch: None
Backwards Switch: None Name: POOL_2
Break: Local Session Limit: 4
Forwards Switch: None Type: Ansi

Preferred Service: BUSTER

Authorized Groups: 0
(Current) Groups: 0

Enabled Characteristics:

Autoprompt, Broadcast, Dialup, Inactivity Logout, Input Flow Control,
Loss Notification, Message Codes, Output Flow Control, Password,
Verification
——————————————————————————–

EXAMPLE: Local> SH SERVICE
——————————————————————————–
Service Name Status Identification

ALFA Available VAX-node
BAMSE Available VAX-node
BETA Available Beta/HOf
BLIXT Available VAX-node
BOKNING Available
BRIDGE_CONS Available BRIDGE – SYSTEM CONSOLE
BRUM Available Stockholm
CLUSTER Available VAX-cluster
DELTA Available @SYS$MANAGER:ANNOUNCE.TXT
DISA Available Landvetter
DUNDER Available VAX-node
EKO Available Ekonomisystem
GAMMA Available Gamma/HOf
LISA Available Sturup
MAJA Available Sundsvall
MIMER Available VAX-Blixt
RADARN Available Radar, Arlanda
RADNKP Available VAX-node
SKUTT Available Dis/Ada
TWO_WAY_1 Available Modem, In- and Outgoing
VTI4 Unknown VAX-node
VTI5 Unknown VAX-node
WPS Available VAX-Bamse
——————————————————————————–

EXAMPLE ON CONNECTING A SERVICE

Local> CONNECT BLIXT
——————————————————————————–

V A X – c l u s t e r

B L I X T
B L I X T

Username: USER
Password: USER
User authorization failure
Username: GUEST
Password: GUEST
User authorization failure
Username: IHMS
Password: IHMS
User authorization failure
Local -000- Session 1 disconnected from BLIXT
——————————————————————————–
(Try 2:)

Username: PULMAN
Password: PULMAN
User authorization failure
Username: VADER
Password: VADER
User authorization failure
Username: BLIXT
Password: BLIXT
User authorization failure
Local -000- Session 1 disconnected from BLIXT
——————————————————————————–

Local> CONNECT BOKNING
Local -000- Session 1 to BOKNING on node EKO established

E k o n o m i s y s t e m

E K O
E K O

Username: EKO
Password: EKO
User authorization failure
Username: PENGAR
Password: PENGAR
User authorization failure
Username: MONEY
Password: MONEY
User authorization failure
Local -000- Session 1 disconnected from BOKNING
——————————————————————————–

Local> CONNECT DELTA
Local -000- Session 1 to DELTA established

V A X – c l u s t e r

D E L T A
D E L T A

Username: MANAGER
Password: SMHI
User authorization failure
Username: MANAGER
Password: DELTA
User authorization failure
Username: MANAGER
Password: MANAGER
User authorization failure
Local -000- Session 1 disconnected from DELTA
——————————————————————————–
(Try 2:)

Username: SYS
Password: SYS
User authorization failure
Username: SYSTEM
Password: SYSTEM
User authorization failure
Username: USER
Password: USER
User authorization failure
Local -000- Session 1 disconnected from DELTA
——————————————————————————–
——————————————————————————–
TO LOCK A PORT:
—————
Local> LOCK
Lock Password> LOCK
Verification> LOCK
Local -000- Port 3 locked
Unlock Password> LOCK
——————————————————————————–
LOGGING OUT:
————
Local> LOGOUT
Local -000- Logged out port 3
——————————————————————————–
\x\x\x\x\x\x\ COMMANDS /x/x/x/x/x/x/
——————————————————————————–

(Commands with SHOW “Keyword” NOT known to the system in Local mode)
——————————————————————–
Local -702- Keyword “PASSWORD” not known or ambiguous
Local -702- Keyword “PSW” not known or ambiguous
Local -702- Keyword “HELP” not known or ambiguous
Local -702- Keyword “SETUP” not known or ambiguous
Local -702- Keyword “COMM” not known or ambiguous
Local -702- Keyword “COM” not known or ambiguous
Local -702- Keyword “ALL” not known or ambiguous
Local -702- Keyword “LOCK” not known or ambiguous

(Commands with LIST “Keyword” NOT known to the system in Local mode)
——————————————————————–
Local -702- Keyword “USER” not known or ambiguous
Local -702- Keyword “USERS” not known or ambiguous
Local -702- Keyword “FILER” not known or ambiguous
Local -702- Keyword “ALL” not known or ambiguous

(Commands NOT known at all to the system in Local mode)
——————————————————-
Local -702- Keyword “SETUP” not known or ambiguous
Local -702- Keyword “FILE” not known or ambiguous
Local -702- Keyword “DEST” not known or ambiguous
Local -702- Keyword “DEC” not known or ambiguous
Local -702- Keyword “DOS” not known or ambiguous
Local -702- Keyword “1” not known or ambiguous
Local -702- Keyword “REQ” not known or ambiguous
Local -702- Keyword “SYSTEM” not known or ambiguous
Local -702- Keyword “SYS” not known or ambiguous
Local -702- Keyword “STATUS” not known or ambiguous
Local -702- Keyword “STAT” not known or ambiguous
Local -702- Keyword “USER” not known or ambiguous
Local -702- Keyword “FILE” not known or ambiguous
Local -702- Keyword “PORT” not known or ambiguous
Local -702- Keyword “LOGIN” not known or ambiguous
Local -702- Keyword “LOGON” not known or ambiguous
Local -702- Keyword “WHO” not known or ambiguous

(Commands giving COMMAND SYNTAX ERROR)
————————————–
Local> list ?
Local> list
Local> get
——————————————————————————–
(c) is not worth it! (c) SWEDISH HACKERS ASSOCIATION 1990
(c) INTERNATIONAL HACKERS ASSOCIATION 1990

WATCH OUT FOR MORE TEXTFILES FROM THE MASTERS OF HACKING IN SWEDEN: S.H.A.
THANX TO MR.BIG FOR HIS TEXTFILE CONTRIBUTIONS AND TO D.O.C. FOR HIS RESURCH !!

Hacking Rampart Systems by Whackoland

!!WHACKOLAND!WHACKOLAND!!
W W
H -> HACKING RAMPART <- H A SYSTEMS PT. I A C C K INTRODUCTION K O & O ' IN DEPTH COMMAND ' S SUMMARY S !!WHACKOLAND!WHACKOLAND!! INFO ON RAMPART SYSTEMS ----------------------- RAMPART SYSTEMS ARE USED BY CO'S SUCH AS METRO,MCI,SPRINT,ECT. WE HAVE FOUND THAT THEY ARE USUALLY SET UP LIKE WESTERN UNION'S EASYLINK SYSTEM. HERE IS A EXMAMPLE FOR METRO... YOU DIAL THE LDS SERVICE WHICH IN THIS CASE IS 314/342-1130 THEN YOU WOULD ENTER A CODE SUCH AS XXXXXX, THEN IT WOULD GIVE A CARRIER. YOU HAVE TO HAVE 1200BPS TO CONNECT WITH THIS SYSTEM. HACKING RAMPART --------------- FIRST OFF YOU'LL HAVE TO GET A ACCT. OR CODE TO ACCESS THE RAMPART SYSTEM TO DO THIS YOU'LL NEED TO WRITE A SIMPLE PROGRAM THAT WILL WARDIAL THAT LDS AND ENTER CODES EITHER SEQ. OR RAND., AND DO NOT HAVE IT DIAL A CARRIER LIKE ON A REGULAR CODE HACKER. IF IT IS THE CODE YOU ARE LOOKING FOR IT WILL GIVE A CARRIER IMMEDIATLEY AFTER DIALING IT. IT WILL CONNECT 300 & 1200, BUT WILL ONLY LET YOU ON THE MAIN SYSTEM 1200BPS WHEN IT FINDS A CODE FOR RAMPART HAVE IT CHECK FOR THE CARRIER DETECT, AND RECORD THE CODE'S THAT GET THE CARRIER DETECT. ] HACKING RAMPART ACCT [ OK AFTER YOU HAVE GOTTEN THIS FAR AND ARE CONNECTED TO THE SYSTEM, IT WILL GIVE YOU A '>‘ PROMPT. YOU CAN EITHER
ENTER ‘LOG’ OR ‘ACCT,PW’. WHEN YOU
ENTER LOG IT WILL SAY:
ACCT OR ID:
PASSWORD:

BASIC ACCTS ON RAMPART SYSTEMS THAT I
HAVE FOUND WERE…

ACCOUNT – PASSWORD
————– ——————
DEMO : DEMO
SYSTEST : SYSMNGR
RAMPART : SYSTEST
HELP : SYSTEST OR HELP

NOTE: THESE AREN’T PRIVLEDGED ACCTS.
TO GET A PRIV. ACCT, YOU MUST
HAVE THE RUT PASSWORD & ID.

RAMPART SYSTEMS COMMAND SUMMARY PT I
————————————

NOTE: YOU SHOULD READ THE INTRODUCTION
TO HACKING RAMPART SYSTEMS, BEFORE YOU
START ON THIS FILE.

OK THIS IS GOING TO MAINLY TELL ABOUT
WHAT THE COMMANDS AND SUB-COMMANDS ARE
USED FOR ON THE RAMPART SYSTEM.

HELP

THE HELP FUNCTION ENABLES THE USER TO
ENQUIRE ABOUT RAMPART SYSTEM CONCEPTS,
COMMANDS, AND SYNTAX. TYPE “HELP HELP”
FOR MORE SPECIFIC INFORMATION ON USE OF
THE HELP FUNCTION.

MORE HELP IS AVAILABLE UNDER THE SUB-
TOPICS:

HELP
ABORT
RUN
REFERRAL
TRUNK-NUMBERS
DATABASE
CHECK
EDIT

SEE HACKING RAMPART PT III FOR A SUM-
MARY FOLLOWING COMMANDS ————————————-
PUT
DISPLAY
TERMINAL
TEST
REPORT
PRIME
ROUTINE
LOGOUT
ERROR-CODES
—————

->ABORT

ABORT

ENABLES THE USER TO ABORT ROUTINE TEST-
ING OR SELECTED DEMAND TESTS. TO STOP
TESTS ACTIVE ON A SINGLE PORT, PUT THAT
PORT OUT OF SERVICE.

DEMAND ABORTS WILL NOT COMPLETE UNTIL
THE CURRENT TRUNK UNDER TEST HAS BEEN
FULLY TESTED.

ROUTINE ABORTS ARE THE SAME AS DEMAND
ABORTS.

> ABORT SUB CMDS < DEMAND ROUTINE ->ABORT DEMAND
(OR ALL)

ABORTS ALL DEMAND TESTS FOR THE
SPECIFIED TERMINAL NUMBER. IF NO
TERMINAL NUMBER IS GIVEN, ALL DEMAND
TESTS FOR THIS TERMINAL ARE ABORTED. IF
‘ALL’ IS SOECIFIED, ALL DEMAND TESTS IN
THE SYSTEM ARE ABORTED.

TO DETERMINE THE NUMBER OF A TERMINAL
WHICH ORIGINATED A DEMAND REQUEST, USE
THE ‘DISPLAY PORT’ AND ‘DISPLAY DEMAND
QUEUE’ COMMANDS.

NOTE: IF A DEMAND TEST IS IN PROGRESS,
IT WILL BE ABORTED AFTER THE CURRENT
TRUNK HAS COMPLETED TESTING.

->ABORT ROUTINE

STOPS ROUTINE TESTING WITHOUT AFFECTING
REGULAR START AND END TIMES. ROUTINE
TESTING WILL NOT START AGAIN UNTIL THE
REGULAR START TIME IS REACHED.

->RUN

RUNS THE PROGRAM-NAME

RUN’S THE RAMPART UTILITY PROGRAMS

‘RUN USE’ RUNS THE USER EDITOR(SAME AS
‘EDIT’ COMMAND)

‘RUN CIP’ RUNS THE CENTRAL OFFICE FILE
COMPILER(TYPE ‘HELP DATABASE’ FOR AN
EXPLANATION OF THE CONTENTS OF THIS
FILE)

‘RUN TAC’ RUNS THE TRUNK FILE COMPILER
(SHOULD BE RUN ONLY AFTER RUNNING ‘CIP’
– TYPE ‘HELP DATABASES’ FOR A EXPLA-
NATION OF THIS FILE)

‘RUN CODUMP’ RUNS THE UTILITY WHICH
DUMPS COI(CENTRAL OFFICE INFORMATION)TO
THE SYSTEM LINE PRINTER

‘RUN RTGDDMP’ RUNS THE UTILITY WHICH
DUMPS THE ROUTINE TEST FILES TO THE
SYSTEM LINE PRINTER

‘RUN DOWN’ RUNS THE PROGRAM WHICH SHUTS
DOWN RAMPART APPLICATIONS PROGRAMS IN
AN ORDERLY FASHION. (DO NOT USE THIS
IT IS TO YOUR ADVNTAGE NOT TO FOR IT
WILL NOT ALLOW YOU TO USE ANY
CMDS.)

->REFERRAL NUMBERS

REFERRAL NUMBERS ENABLE THE USER TO
QUICKLY SPECIFY A SINGLE TRUNK GROUP IN
THE SYSTEM BY ITS NUMERIC REFERRANCE.
FOR EXAMPLE, THE TRUNK GROUP ‘TG123’
FROM OFFICE ‘ABC’ TO OFFICE ‘XYZ’ CAN
BE SPECIFIED BY A SINGLE NUMBER IN
RAMPART COMMANDS RATHER THAN ENTERING
THE NEAREND,FAREND, AND GROUP ID IN
THIER ENTIRETY.

NOTE: THE REFERRAL NUMBER FOR A PART-
ICULAR TRUNK GROUP MAY CHANGE IF THE DATABASE IS RE-COMPILED.

FORMAT: REF-ERRAL NUMBER
RF NUMBER

THE EASIEST WAS TO DETERMINE THE REFER-
RAL NUMBER OF A TRUNK GROUP IS TO USE
THE ‘DISPLAY TRUNK’ COMMAND.

->DISPLAY TRUNK

DISPLAY TRUNK(GROUPS) NEAREND
OR DISPLAY TRUNK (GROUP)
REFERRAL NUMBER

DISPLAYS DATABASE INFORMATION ON THE
TRUNK GROUP(S) SPECIFIED. INCLUDED IS
REFERRAL NUMBER, NEAREND, FAREND,
GROUP ID, NUMBER OF TRUNKS, SYSTEM
TRUNK NUMBERS, AND LIMITS DATA.

O IF ONLY ‘NEAREND’ IS SPECIFIED, ALL
TRUNK GROUPS ORIGINATING FROM THE
OFFICE SPECIFIED ARE DISPLAYED

O IF ‘NEAREND’ AND ‘FAREND’ ARE
SPECIFIED, ALL GROUPS BETWEEN THESE
TWO OFFICES ARE DISPLAYED

O SPECIFYING ‘NEAREND’, ‘FAREND’, AND
‘GROUP^ID’,OR SPECIFYING THE REFERAL
NUMBER UNIQUELY DESCRIBES A SINGLE
TRUNK GROUP.

->TRUNK

TRUNK NUMBERS

RAMPART USES TWO DIFFERENT TRUNK
NUMBERING SYSTEMS; NAMELY, USER TRUNK
NUMBERS AND SYSTEM TRUNK NUMBERS. USER
TRUNK NUMBERS ALWAYS START AT ONE, AND
END AT THE NUMBER OF TRUNKS IN THE
GROUP. SYSTEM TRUNK NUMBERS ARE THE
NUMBERS USED TO ACCESS TRUNKS ON THE
SWITCH AND MAY RANGE FROM 0 TO 65000.

FOR COMMANDS WHICH REQUIRE TRUNK
NUMBERS,THE ‘/SY’ SWITCH SHOULD BE
ADDED TO THE COMMAND LINE WHEN REFER-
ENCING SYSTEM TRUNK NUMBERS.

->DATABASE

RAMPART DATABASE OVERVIEW

THE RAMPART USER DATABASE IS COMPRISED
OF THE FOLLOWING TWO FILES:

(1) CENTR. OFFICE DESCRIPTOR(COD) FILE-
THE EQUIPMENT LOCATED IN THE CENTRAL
OFFICE KNOWN TO THE SYSTEM. IT CONTAINS
SUCH INFO. AS COMMON LANGAUGE CODES,
LITERAL CENTRAL OFFICE NAMES, ROTL TYPE
AND ACCESS NUMBER, TESTLINE TYPES AND
ACCESS NUMBERS,ECT.

(2) TRUNK SOURCE FILE- THIS FILE
DESCRIBES THE TRUNKS LINKING IN
THE FILE. IT CONTAINS SUCH INFO AS
TRUNK GROUP ID, NUMBER OF TRUNKS IN
GROUP, LIMITS DATA, TRANSMIT LEVEL,
SIGNALLING,ROUTINE TEST INTERVAL,ECT.

THESE FILES CAN BE UPDATED BY THE USER
SOURCE EDITOR (USE) PROGRAM (INVOKED BY
THE CMDS ‘EDIT’ & ‘RUN USE’).

[DATABASE SUB-CMDS]

EXAMPLE
COD CEN-TRAL^OFFICE
TRUNK

->DATABASE COD

THIS FILE CONTAINS INFORMATION ON THE
EQPT. LOCATED IN KNOWN TO RAMPRT.
FOR DETAILED INFORMATION ON ITS CONT.,
RUN THE USER SOURCE EDITOR,SPECIFY COD
FILE EDIT, INVOKE CHANGE MODE ON AN
EXSISTING CENTRAL OFFICE RECORD, AND
USE THE HELP FACILITY BUILT INTO THE
EDITOR.

DATABASE EXAMPLE
—————-

,——————-,
, #3 EAX ROTL ,
, (TEST PORT ACCESS ,
, NUMBER = 5551234),
——————-
:
:
: :::::::::::::
:::::::::105 RESPONDER:
:::::::::::::

->CHECK

THIS COMMAND CAUSES A RAMPART TEST PORT
TO TO INITIATE A SELFCHECK SEQUENCE AND
RETURN THE SELFCHECK DISPOSITION TO THE
REQUESTING TERMINAL.

FORMAT: CHECK PORT # (OR ALL).

->EDIT

INVOKES THE USER SOURCE FILE EDITOR
PROGRAM WHICH IS USED TO UPDATE THE
RAMPART DATA BASE. THIS PRG. HAS ITS
OWN HELP FACILITY.

FOR INFO. ON THE RAMPART DATABASE IN
GENERAL, TYPE ‘HELP DATABASE’.

!WHACKOLAND!WHACKOLAND!
T READ PART II OF T
>T< W HACKING RAMPART FOR W C MORE IN DEPTH CMDS C B AND SUB^CMDS. B !WHACKOLAND!WHACKOLAND! WHACKOLAND (314) 256-8220 DOWNLOADED FROM P-80 SYSTEMS..... ���������������������������������������������������������������������������������������������������������

Hacking Rampart Systems Part 1

==)— P TO PAUSE S TO STOP —(==

 !!WHACKOLAND!WHACKOLAND!!
W W
H -> HACKING RAMPART <- H A SYSTEMS PT. I A C C K INTRODUCTION K O & O ' IN DEPTH COMMAND ' S SUMMARY S !!WHACKOLAND!WHACKOLAND!! INFO ON RAMPART SYSTEMS ----------------------- RAMPART SYSTEMS ARE USED BY CO'S SUCH AS METRO,MCI,SPRINT,ECT. WE HAVE FOUND THAT THEY ARE USUALLY SET UP LIKE WESTERN UNION'S EASYLINK SYSTEM. HERE IS A EXMAMPLE FOR METRO... YOU DIAL THE LDS SERVICE WHICH IN THIS CASE IS 314/342-1130 THEN YOU WOULD ENTER A CODE SUCH AS XXXXXX, THEN IT WOULD GIVE A CARRIER. YOU HAVE TO HAVE 1200BPS TO CONNECT WITH THIS SYSTEM. HACKING RAMPART --------------- FIRST OFF YOU'LL HAVE TO GET A ACCT. OR CODE TO ACCESS THE RAMPART SYSTEM TO DO THIS YOU'LL NEED TO WRITE A SIMPLE PROGRAM THAT WILL WARDIAL THAT LDS AND ENTER CODES EITHER SEQ. OR RAND., AND DO NOT HAVE IT DIAL A CARRIER LIKE ON A REGULAR CODE HACKER. IF IT IS THE CODE YOU ARE LOOKING FOR IT WILL GIVE A CARRIER IMMEDIATLEY AFTER DIALING IT. IT WILL CONNECT 300 & 1200, BUT WILL ONLY LET YOU ON THE MAIN SYSTEM 1200BPS WHEN IT FINDS A CODE FOR RAMPART HAVE IT CHECK FOR THE CARRIER DETECT, AND RECORD THE CODE'S THAT GET THE CARRIER DETECT. ] HACKING RAMPART ACCT [ OK AFTER YOU HAVE GOTTEN THIS FAR AND ARE CONNECTED TO THE SYSTEM, IT WILL GIVE YOU A '>‘ PROMPT. YOU CAN EITHER
ENTER ‘LOG’ OR ‘ACCT,PW’. WHEN YOU
ENTER LOG IT WILL SAY:
ACCT OR ID:
PASSWORD:

BASIC ACCTS ON RAMPART SYSTEMS THAT I
HAVE FOUND WERE…

ACCOUNT – PASSWORD
————– ——————
DEMO : DEMO
SYSTEST : SYSMNGR
RAMPART : SYSTEST
HELP : SYSTEST OR HELP

NOTE: THESE AREN’T PRIVLEDGED ACCTS.
TO GET A PRIV. ACCT, YOU MUST
HAVE THE RUT PASSWORD & ID.

RAMPART SYSTEMS COMMAND SUMMARY PT I
————————————

NOTE: YOU SHOULD READ THE INTRODUCTION
TO HACKING RAMPART SYSTEMS, BEFORE YOU
START ON THIS FILE.

OK THIS IS GOING TO MAINLY TELL ABOUT
WHAT THE COMMANDS AND SUB-COMMANDS ARE
USED FOR ON THE RAMPART SYSTEM.

HELP

THE HELP FUNCTION ENABLES THE USER TO
ENQUIRE ABOUT RAMPART SYSTEM CONCEPTS,
COMMANDS, AND SYNTAX. TYPE “HELP HELP”
FOR MORE SPECIFIC INFORMATION ON USE OF
THE HELP FUNCTION.

MORE HELP IS AVAILABLE UNDER THE SUB-
TOPICS:

HELP
ABORT
RUN
REFERRAL
TRUNK-NUMBERS
DATABASE
CHECK
EDIT

SEE HACKING RAMPART PT III FOR A SUM-
MARY FOLLOWING COMMANDS ————————————-
PUT
DISPLAY
TERMINAL
TEST
REPORT
PRIME
ROUTINE
LOGOUT
ERROR-CODES
—————

->ABORT

ABORT

ENABLES THE USER TO ABORT ROUTINE TEST-
ING OR SELECTED DEMAND TESTS. TO STOP
TESTS ACTIVE ON A SINGLE PORT, PUT THAT
PORT OUT OF SERVICE.

DEMAND ABORTS WILL NOT COMPLETE UNTIL
THE CURRENT TRUNK UNDER TEST HAS BEEN
FULLY TESTED.

ROUTINE ABORTS ARE THE SAME AS DEMAND
ABORTS.

> ABORT SUB CMDS < DEMAND ROUTINE ->ABORT DEMAND
(OR ALL)

ABORTS ALL DEMAND TESTS FOR THE
SPECIFIED TERMINAL NUMBER. IF NO
TERMINAL NUMBER IS GIVEN, ALL DEMAND
TESTS FOR THIS TERMINAL ARE ABORTED. IF
‘ALL’ IS SOECIFIED, ALL DEMAND TESTS IN
THE SYSTEM ARE ABORTED.

TO DETERMINE THE NUMBER OF A TERMINAL
WHICH ORIGINATED A DEMAND REQUEST, USE
THE ‘DISPLAY PORT’ AND ‘DISPLAY DEMAND
QUEUE’ COMMANDS.

NOTE: IF A DEMAND TEST IS IN PROGRESS,
IT WILL BE ABORTED AFTER THE CURRENT
TRUNK HAS COMPLETED TESTING.

->ABORT ROUTINE

STOPS ROUTINE TESTING WITHOUT AFFECTING
REGULAR START AND END TIMES. ROUTINE
TESTING WILL NOT START AGAIN UNTIL THE
REGULAR START TIME IS REACHED.

->RUN

RUNS THE PROGRAM-NAME

RUN’S THE RAMPART UTILITY PROGRAMS

‘RUN USE’ RUNS THE USER EDITOR(SAME AS
‘EDIT’ COMMAND)

‘RUN CIP’ RUNS THE CENTRAL OFFICE FILE
COMPILER(TYPE ‘HELP DATABASE’ FOR AN
EXPLANATION OF THE CONTENTS OF THIS
FILE)

‘RUN TAC’  

The Milnet File by Brigadier General Swipe/Dispater

][=———————————————————————–=][
][ ][
][ Finally it’s here………. ][
][ /\/\ /\/\ ][
][ / \ / / ][
][ \/\/\/il\/\/et ][
][ by: ___ __ ______ ][
][ __) / _` / ____/ ][
][ __)rigadier \__eneral / /wipe ][
][ ______________________/ / ][
][ /_______________________/ ][
][ (aka: Dispater) ][
][ ][
][ Thanx to: no one! G.D.I. (God Damn Independant) ][
][ ][
][=———————————————————————–=][
Into:
—–
First of all Milnet is a system used by the Air Force and the Pentagon for
communication use. You know you are on milnet when you see that infamous
TAC login xxx. Milnet is run out of the University of Southern California,
(this might give some of you some ideas who live around there).
Logon Info
————
The Milnet number is 1-800-368-2217.
The ISI MASTER DIAL UP IS 213-306-1366.
This is a more tricky logon procedure but if you got balls, you’re using a
trunk box, or you are just S-T-U-P-I-D here goes:
ISIE MASTER LOGON PROCEEDURE
—————————-
1> call 213-306-1366
2> when the phone stops ringing you are connected
3> enter location number (9 digits) + 1 or 0
4> hang up and it will call you
5> pick up the phone and hit the ‘*’ on your phone
6> hit a carriage return on the computer
7> at the ‘what class?’ prompt hit RETURN!!!
8> then a ‘go’ prompt will appear and log on as you would the 800 number.
MILNET LOGIN PROCEEDURE
———————–
If you have trouble connecting try 300 bauds instead of 1200. It’s a bite in
the ass but, sometime the connection will fuck up if you don’t.
When you first connect you will see:
‘WELCOME TO DDN. FOR OFFICIAL USE ONLY.TAC LOGIN
CALL NIC 1-800-235-3155 FOR HELP
WRPAT TAC 113 #:36
(you type)
@o 1/103
YOU ALWAYS TYPE @o then other connections are:
ISIA 3/103
ISIB 10:3/52
ISID 10:0/27
ISIE 1/103 (THE EXAMPLE)
ISIF 2/103
VAX A 10:2/27
——————————————————————————-
Next you will see a ‘USER-ID’ promt. The first 4 characters vary but it is
is always followed by a ‘-‘ and what ever connection you choose.
User-Id: (example) CER5-ISIE or MRW1-ISIE
The first three letters are the initials of the user followed by a random
number (1-9).
——————————————————————————-
Access Code: (example) 2285UNG6A or 22L8KK5CH
An access code will never contain a ( 1, 0, G, Z).
——————————————————————————-
@ USERNAME + PASSWORD IE USERNAME SAC.305AREFW-LGTO
THE USERNAME EXPLANATION:
The first 3 letters will be SAC. This stands for Strategic Air
Command.
Followint that is a ‘.’ Then the squadron number and the prime mission.
In this case ‘305AREFW’, (305TH AIR REFULING WING). Then a ‘-‘ and the
Individual Squadron name ‘LGTO’ (LOGISTICS GROUND TRANSPORATION OPERATIONS),
a fancey name for the motor pool. I’ll try and get a list of these there are
tons of names.
The password will not be echoed back and should be entered after a
the username.
The new user password as a default is: NEW-UZER-ACNT
——————————————————————————-
+————-+
THINGS TO DO: PROGRAMS AVALIABLE TO SAC USERS:
+————-+ and what they are for
copied direcly from the help manual
ADUTY aids in management of additional duty assignments.
(International help – use the ? and keys, HELP.)
ARCHIVE requests files to be stored on tape for later retreval.
(Type HELP ARCHIVE at TOPS-20.)
CHAT Provides near real time communication between terminal users on the
same host computer.
(Use ? with CHAT.)
DAILY Executive appointment scheduleing program
DCOPY Handles output on DIABLO and XEROX printers
EMACS Powerful full-screen text editor
FOLLOW Suspense follow up program
FTP provides file transfer capabilites between host computers
FKEYS allows user to define function key (real spiffaruni)
HELP the command used by stupid generals or hackers that have never used
milnet before
HERMES E-Mail
NCPCALC spreadsheet program
PHOTO saves transcripts of sessions
REMIND sends user-created reminders
RIPSORT a sophisticated data sorting program
(Described in SAC’s User manual (sorry))
SCRIBE a powerful text formatter for preparing documents.
(ISI’s manual, SCRIBE manual – soon on MILNET V.2)
SPELL text file spelling checker.
(HELP at TOPS-20 and directory international help -?)
SUSCON allows the creating, sending, and clearing of suspenses.
(international help – ? and , HELP command)
TACOPY used for printing hard copies of files
(international help – ?)
TALK pretty much the same as chat.
TIPCOPY predecessor of TACOPY
TEACH-EMACS (SELF EXPLANITORY: GIVES LIST OF COMMNADS)
TN Tel-Net provides multi-host access on MILNET.
(HELP at TOPS-20 and directory,
international help – use ? and )
XED line oriented text editor.
(HELP at TOPS-20 and directory)
LOGGING OFF
————
TYPE: @L (PRETTY TOUGH HUH?)
+——————+———————————————————–
The Milnet ID card If you should be trashing somewhere and find a card that
+——————+ looks like this, then save it. (it will be blue & white)
_______________________________________
/ \ It’s also wallet sized so you may
HOST USC-ISIE 26.1.0.103 wish to mug someone who you know
HOST ADMINISTRATOR GORDON,VICKI L. is in the air force..haha!
————————————— (just kidding!)
DDN CARD HOLDER:
REID, CALVIN E, 1st LT.
CARD 118445
—————————————
USER ID:CER5-ISIE
ACCESS CODE:2285UNG6A
USERNAME: SAC.305AREFW-LGTO
PASSWORD: NEW-UZER-ACNT
\_______________________________________/
——————————————————————————-
——————————————————————————-