14


                 How to fight Sprint Sec
urity

     Well  friends,  Sprint has declared
 war on the phone phreaks 
and  is  starting to set traps,  trace l
ines,  and  question  the 
SYSOPs  of  BBS  systems.   I thank that
 this has  gone  on  long 
enough!
     It  time we start to fight back.   
What I would  suggest  is 
that  everybody find five or ten access 
codes and put these on  a 
flyer  with a local access number and in
structions on how to  use 
the system and how to find more codes.  
Next, make a LARGE number 
of  copies  of  this  flyer  and distrib
ute  them  as  widely  as 
possible.   Put  them on cars in the sch
ool parking lot,  in  the 
local phone booths, on bulletin boards a
round colleges, etc.
     If Sprint starts experiencing a VER
Y large number of ripoffs 
then a number of things could happen.  T
he bright boy in security 
who decided to start the crack-down may 
get fired,  paying custo-
mers may get fed up with the huge  bills
,  SPC may make the codes 
longer  and thus lose customers because 
of the  inconvenience  of 
the  longer  codes.   In any case,  SPC 
will have so many  people 
using the system for free that the chanc
es of them getting anyone 
of us is so small as to be insignificant
.
                                        
Nickie Haflinger,
                                        
The Coven

Bulletin
 to print, <L> for list, or <RETURN> to 
exit? 15


        So, you've decided that you'd li
ke to try to down an
RSTS system? Well, here's a beginner's g
uide:
        The RSTS system has two parts, t
he Priviledged accounts,
and the User accounts. The Priviledged a
ccounts start with
a 1 (In the format [1,1], [1,10], etc. T
o show the Priv.
accounts we'll just use the wildcard [1,
*].)
        The priviledged accounts are wha
t every RSTS user would
love to have, because if you have a priv
iledged account
you have COMPLETE control of the whole s
ystem. How can
I get a [1,*] account? you may ask....We
ll, it takes A LOT
of hard work. Guessing is the general ru
le. for instance,
when you first log in there will be a # 
sign:
        # (You type a [1,*] account, lik
e) 1,2
        It will then say Password: (You 
then type anything up
        to 6 letters/numbers Upper Case 
only) ABCDEF
        If it says ?Invalid Password, tr
y again ' then you've
not done it YET...Keep trying.
 
        Ok, we'll assume you've succeede
d. You are now in
the priviledged account of an RSTS syste
m. The first
thing you should do is kick everyone els
e off
the system (Well, maybe just the other P
riviledged
users)....You do this with the Utility P
rogram.
        UT KILL (here you type the Job #
 of the user you'd
like to get ut of your way). If the syst
em won't let
you, you'll have to look for the UTILTY 
program. Search
for it by typing DIR [1,*]UTILTY.*
Now, you've found it and kicked off all 
the important
people (If you want you can leave the ot
her people
on, but it's important to remove all oth
er [1,*] users,
even the Detached ones). To find out who
's who on the
system type SYS/P- (That will print out 
all
the privileged users). Or type SYS to se
e Everyone.
        Next on your agenda is to get al
l the passwords
(Of course). Do this by run$MONEY (If it
 isn't there,
search for it with DIR[1,*]MONEY.* and r
un it using
the account where you found it instead o
f the $)
        There will be a few questions, l
ike Reset? and
Disk? Here's the Important answers.
        Disk? SY (You want the system pa
ssword)
        Reset? No (You want to leave eve
rything as it is)
        Passwords? YES (You want the pas
swords Printed)
                        There are others
, but they aren't
                        important, just 
hit a C/R.
        There is ONE more, it will say s
omething like
        Output status to? KB: (This is i
mportant, you
want to see it, not send it elsewhere).
 
        Ok, now you've got all the passw
ords in your hands.
Your next step is to make sure the next 
time you
come you can get in again. This is the h
ard part.
        First, in order to make sure tha
t no one will
disturb you, you use the UTILTY program 
to make it
so no one can login. Type UT SET NO LOGI
NS. (also
you can type UT HELP if you need help on
 the program)
        Next you have to Change the LOGI
N program....I'm
sorry, but this part is fuzzy, Personnal
ly, I've
never gotten this far. Theorectically he
re's what
you do: Find out where the program is, t
ype
DIR [1,*]LOGIN.* If there is LOGIN.BAS a
nyplace,
get into that account (Using your passwo
rd list,
and typing HELLO and the account you'd l
ike to
enter). On the DIR of the program there 
is a date
(Like 01-Jan-80). To make it look good y
ou type
UT DATE (and the date of the program).
Next, you make it easy for yourself to a
ccess the
program. You type PIP (And the account a
nd name of
the program you atre changeing) <60>=(ag
ain the
name of the program).
        Now what you do is OLD the progr
am. Type
OLD (Name of the program)
        Now that is all theoretical. If 
anyone runs
into problems, tell me about it and I'll
see if I can either figure it out or get
 someone
else to.
        Next thing you want to do is LIS
T the program and
find out where The input of the Account 
# is.
To get this far you have to knwo a lot a
bout programming
and what to look for...
        Here is generally the idea, an i
dea is all it is,
because I have not been able to field te
st it yet:
        Add a conditional so that if you
 type in a code
word and an account # it will respond wi
th the password.
        This will take a while to look f
or, and
a few minutes to change, but you can do 
it,
you've got that RSTS system in your back
 pocket.
                Let's say you've (Someho
w) been able
to change the program. The next thing yo
u want
to do is replace it, so put it back wher
e
you got it (SAVE Prog-name), and the put
 it
back to the Prot Level (The # in the <##
#>
signs) by typing PIP (Prog name)<232>=Pr
ogname
        (Note, in all of this, don't use
 the ()'s
they are just used by me to show you wha
t goes
where).
        Now you've gotten this far, what
 do you do?
I say, experiment! Look at all the progr
ams, since
you have Privilged status you can analyz
e every
program. Look around forthe LOG program,
 and
find out what you can do to that.
                The last thing to do bef
ore you
leave is to set the date back to what it
 was using
the UTILTY program again UT DATE (and th
e current date).
                        If you have any 
problems,
                        questions, or ex
periences, don't
Hesitate to write to me.
                        I'd love to hear
 what you did.
 
                                Sam Snee
d

Bulletin
 to print, <L> for list, or <RETURN> to 
