The invasion of Spy satellite system technologies

ID MYHACK58:62200821681
Type myhack58
Reporter Anonymous
Modified 2008-12-28T00:00:00


VAX: VAX stands for Virtual Address Extension. Because of hardware limitations, the VAX computer is designed to extend the memory address range so that it can handle large programs that would not otherwise fit. The VAX computer system is designed by DEC (Digital Equipment Corporation). The general VAX line runs from desktop VAX systems to mainframe-class processors. The series starts with smaller machines such as the Mage computer and moves up through the medium-size 11/7XX series to the latest 6000 series. These computer systems commonly use an operating system called VMS.

VMS: VMS stands for Virtual Memory System. The VMS operating system is very similar to other operating systems. DEC built this system so that its computers could be applied in the commercial and engineering industries; before that, VMS was applied only to single-machine systems. The company is considering a development path in which VMS becomes the basis of computer management for everything from the personal home user to other computer systems.

DCL: DCL stands for Digital Command Language. It is the language on which the VMS system is based. Those of you who have an IBM system can think of a DCL program as similar to a batch file. You can do many things with it, more than with PC-DOS or MS-DOS, but it works in basically the same way. One difference is that in a DCL program every line you want executed must begin with the "$" symbol, just as at the prompt. DCL programs usually use COM as the file extension, and running them is very fast and easy. When you are not executing a COM or DCL program file, you are almost always at the DCL processor.

When you get into a VAX system, you will see something similar to the following interface:

    :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
    WELCOME

    Username: (username here)
    Password: (password here... does not echo)

    $ (<-- this is your prompt)
    :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::


You will know you have reached a VAX system if you see a display like this. If you get a username and password prompt, then the following will help you to guess the password.


Here I will tell you only one thing: VMS 4.X, and VMS 4.4 in particular, is a gold mine, a treasure trove. I am not going into its internals now, because much of the explanation is outside the scope of our attack. You can find many such discussions on the ARPANET and USENET. You can also obtain information on this from the COMPUSERVE information service, the bit of information exchange, and the DEC company's VAX BBS. VMS 5.1 also has many vulnerabilities, but they are not very serious. If I send enough requests, I will be able to cover this with additional information.

Getting into a VAX computer with the default settings:

When a VAX system is installed, it comes with several default accounts that can be used to log in. The passwords for these accounts do not change from one system to the next. The system administrator should delete these accounts or change their passwords, but the default accounts often go unnoticed for a very long time. Below I will list the default accounts:


In my list I give passwords where I found that these user names very often have a default password. Default accounts marked with an asterisk are very powerful accounts.

VAX VMS commands:

Once you get the "$" prompt, more than one hundred commands are available to you. I will introduce a few of the more commonly used ones:

@ - executes a procedure. When you want to run a DCL batch or *.COM file, you must type "@" in front of the file name.


ACCOUNTING - runs the accounting program. When you exit a system, the screen shows the time between your entering and leaving the system, that is, how long the account was in use. If you have forgotten your account information, you can enter this command while the system administrator is on the system to get your information.

CREATE - creates a file. If you have written a program for the PASCAL compiler on your own computer, you can upload the file to the VAX computer with the CREATE command. EX: CREATE PROGRAM.PAS;1

CREATE/DIR - creates an empty directory. I will explain in a minute how to get around a VAX system; see the SET command. EX: CREATE/DIR NameOfDir

DELETE - deletes a file or removes an empty directory. To delete a file, enter "DEL FILENAME.EXT;X". To delete a directory, first delete all the files in it with "DEL/LOG *.*;*". Next, set the protection: "SET PROTECTION=OWNER DIRNAME.DIR". Then delete the directory: "DEL DIRNAME.DIR"


DIRECTORY - shows you the files that exist in the directory. Adding "/BRIEF" gives a short listing; adding "/FULL" gives a full-screen listing that includes each file's security information. You can use wildcard characters with the DIR command to shorten the listing. "*" stands for a string of any length and "%" stands for any single character.

EDIT - the text editor. Many VAX systems use a line editor similar to the one in MS-DOS/PC-DOS. However, many VAX systems use the EDT/EVE editor for editing. You can do a lot of things quickly with this editor, but it is very difficult to control from a plain terminal, and the VT-100 runs very slowly. If you want to use the EDT/EVE editor, try logging in with a VT-220 terminal.

HELP - runs the HELP program.

LIBRARY - used for archiving. If you are a novice, you may not use this command. I bring it up now because I will write it up in a deeper discussion of the VAX system.

LOGOUT - exit the system.

MAIL - loads the MAIL program. It is used to send mail to other users; on a VAX connected to the INTERNET it can also be used to send e-mail across the network. It is also able to send data to the computer.

$PASSWORD - modify the password. EX:$PASSWORD MYNEWPASS

PHONE - used to hold a session with other users. This command is superior to the other commands for that purpose. Once the PHONE command is executed, your "$" prompt becomes a "%" prompt. To send someone a message, first give the username. If the person is on a different node, give the node name, two colons, and then the user name. (You may spend a lot of time before you find this vulnerability, especially on school computers.) This changes, however, with the network communication of the MAIL and PHONE commands. EX: PHONE % node13::dlight

PHOTO - records a session.

RUN - runs an executable file.

SET - a very versatile command.

SHOW - this also has many options, but not as many as SET. The options of the SHOW command are listed below. EX:SHOW USERS THE DAV

CLUSTER - the VAX cluster.
DEFAULT - directory path and device.
DEVICES - system devices.
INTRUSION - system accounts that are being cracked.
MEMORY - memory resources.
NETWORK - the network and the VAX's specific area within it.
PROCESS - program name and personal identification.
PROTECTION - file protection.
QUOTA - the disk space available to your account.
SYSTEM - various system information.
DAY - the date.
TIME - the time.
USERS - all users on the system.

TYPE - sends the contents of a file to the terminal. EX: TYPE DAVID.TXT;3

SET command:

The SET command is a very versatile command. It is the general-purpose command of DCL in VMS version 5.


I suggest making more frequent use of the SET command's protection options. The protections, such as the SOGW or UIC protection we are familiar with, can be placed on anything that can be executed or written, whether a file or a directory. Setting these protections controls the ability of different users on the VAX system to read, write, execute or delete your files or directories. The file's protection also governs who may set these options. One example is:


If you enter this command in DCL for the program DAVID.EXE;4, the file's owner will be able to do anything to the file except execute it. The next example is as follows:


You can use "R" for Read, "W" for Write, "E" for Execute and "D" for Delete. A similar command can also be applied to directories; simply replace the file name above with the directory name. When you create a directory, its protection is set so that you cannot delete it. Putting together what was said earlier, the recipe is: "SET PROTECTION OWNER DIRNAME.DIR;1" and then "DEL DIRNAME.DIR;1" to remove the directory.

The owner and the other UIC file protection categories are as follows.

WORLD - any user on the system.
GROUP - all users in your group.
OWNER - only your account or one with a matching UIC.
SYSTEM - anyone who has SYSPRV privileges or an octal UIC group.
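The four categories and the R, W, E, D access letters described above can be checked mechanically. The following Python code is an added example, not part of the original text: it parses protection masks and reports files on which GROUP or WORLD holds Write or Delete access. The listing layout, the positional SYSTEM, OWNER, GROUP, WORLD order, the function names and the sample lines are assumptions constructed for illustration.

```python
import re

ACCESS = set("RWED")  # Read, Write, Execute, Delete, as named in the text
# Assumed order of the fields when a mask is written without category names.
CATEGORIES = ("SYSTEM", "OWNER", "GROUP", "WORLD")

def parse_protection(mask):
    """Parse '(S:RWED,O:RWED,G:RE,W)' or positional '(RWED,RWED,RE,)'."""
    text = mask.strip().upper()
    if not (text.startswith("(") and text.endswith(")")):
        raise ValueError("mask must be parenthesised: %r" % mask)
    fields = [f.strip() for f in text[1:-1].split(",")]
    if len(fields) == 4 and all(set(f) <= ACCESS for f in fields):
        pairs = list(zip(CATEGORIES, fields))  # positional form
    else:
        pairs = []  # named form; names may be abbreviated (S, O, G, W)
        for field in fields:
            name, _, letters = field.partition(":")
            hits = [c for c in CATEGORIES if name and c.startswith(name.strip())]
            if len(hits) != 1:
                raise ValueError("unknown category in %r" % field)
            pairs.append((hits[0], letters.strip()))
    # A category named without letters, or not named at all, gets no access.
    result = {c: set() for c in CATEGORIES}
    for category, letters in pairs:
        if not set(letters) <= ACCESS:
            raise ValueError("unknown access letter in %r" % letters)
        result[category] = set(letters)
    return result

def audit(listing):
    """Return (filespec, category, letters) for GROUP/WORLD Write or Delete."""
    findings = []
    for line in listing.splitlines():
        m = re.match(r"\s*(\S+;\d+)\s+(\(.*\))\s*$", line)
        if not m:
            continue  # not a 'NAME.TYP;version (mask)' line
        protection = parse_protection(m.group(2))
        for category in ("GROUP", "WORLD"):
            risky = protection[category] & {"W", "D"}
            if risky:
                findings.append((m.group(1), category, "".join(sorted(risky))))
    return findings

# Constructed sample listing (file names reuse the ones in the text).
SAMPLE = """DAVID.EXE;4    (S:RWED,O:RWED,G:RE,W)
PROGRAM.EXE;2  (RWED,RWED,RWED,RE)
DAVID.TXT;3    (S:RWED,O:RWED,G:R,W:RWD)"""

print(audit(SAMPLE))
```

Each finding is a file whose protection lets someone other than the owner or a privileged user modify or remove it; tightening the GROUP and WORLD fields on those files closes the gap.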


This is a very important command once we have entered the VAX system. If you have VT100 terminal software, you can use it:


Additional terminal settings are available, for example:

SET TERMINAL/WIDTH=80 - sets the width to 80.
SET TERMINAL/ADVANCED_VIDEO = sets 124X24.
SET TERMINAL/ANSI_CRT = sets ANSI escape sequences.
SET TERMINAL/AUTOBAUD = possibly gets a higher bit rate.
SET TERMINAL/BROADCAST = allows messages sent with the SEND, MAIL & PHONE commands to get through.
SET TERMINAL/DEVICE_TYPE=VT220 - sets the terminal control type to VT220.
SET TERMINAL/ECHO = enables echo of the DCL command line.
SET TERMINAL/FULLDUP = enables full duplex.
SET TERMINAL/HANGUP = logs the account off automatically if the terminal returns no information.
SET TERMINAL/INQUIRE - shows the terminal driver.
SET TERMINAL/PAGE=43 - sets the page length to 43 lines.
SET TERMINAL/TYPE_AHEAD - sets the type-ahead feature.
SET TERMINAL/UNKNOWN - used for ASCII devices.
SET TERMINAL/WRAP = sets the wrap characteristic.

All of the items above marked with "=" rather than "-" are settings that can be switched off as well: put NO in front of the setting. EX: SET TERMINAL/NOECHO

SET DEFAULT, or getting around the VAX system.

To move around the directories of a VAX in DCL, I need to tell you about the SET DEFAULT command. It is a bit like the CD command in UNIX and MS-DOS/PC-DOS, except that the format is different. The format is "SET DEFAULT [.SUBDIR]" to go into a subdirectory and "SET DEFAULT [-]" to go to the parent directory. I will explain changing disks if asked to. To save some trouble, I will first show an example below and then explain it, which is the simplest way to get it across.

    $ DIR                            (step 1)
    PROGRAM.EXE;2
    PROGRAM.EXE;1
    $ CREATE/DIR example             (step 2)
    $ DIR                            (step 3)
    EXAMPLE.DIR;1
    PROGRAM.EXE;2
    PROGRAM.EXE;1
    $ SET DEFAULT [.example]         (step 4)
    $ DIR                            (step 5)
    no files, animals, vegetables, nor minerals error
    $ SET DEF [-]                    (step 6)
    $ COPY PROGRAM.EXE;2 [.example]  (step 7)
    $ SET DEF [.example]             (step 8)
    $ DIR                            (step 9)
    PROGRAM.EXE;2
    $

This is what I do:

STEP 1: I looked at the contents of this directory. I found versions 1 and 2 of the PROGRAM.EXE program in it.

STEP 2: I created a directory named "EXAMPLE". Its creation produces no visible notice.

STEP 3: I viewed the directory once again and found a new entry in it, "EXAMPLE.DIR;1". This is the newly created directory; its extension is "DIR", so it is a directory.

STEP 4: I used the SET DEFAULT command to change directory. You must use this format to go into a subdirectory.

STEP 5: I viewed the directory once again and found nothing in it. If you enter DIR in an empty directory, you will get an error.

STEP 6: This command is used to go up to the parent directory. Remember the parent directory, the one that contains "EXAMPLE.DIR;1"? The DEFAULT option can be abbreviated to DEF.

STEP 7: Here I illustrate how to move a program. I have just copied the PROGRAM.EXE;2 program to the EXAMPLE directory.

STEP 8: Look at the third step.

STEP 9: I once again entered the DIR command to view the contents of my EXAMPLE.DIR;1. I found PROGRAM.EXE;2 already in my directory.

If you still do not understand the basic VAX commands, then you just go on!

Sometimes you will enter a large directory. The following list of file types is a good thing to have so that you do not waste a lot of time.

ADA    ADA compiler source code file
BAS    BASIC compiler source code file
B32    BLISS-32 compiler source code file
C      C compiler source code file
COB    COBOL compiler source code file
FOR    FORTRAN compiler source code file
MAR    MACRO compiler source code file
PLI    PL/I compiler source code file

CLD    DCL command description file
COM    DCL batch or command procedure file
DAT    data file
DIS    classification file
DIR    directory file
EDT    EDT editor command file
EXE    executable program
HLP    text for help libraries
JOU    EDT editor log file
LIS    system listing file
LOG    batch output file
MAI    MAIL message file
MEM    DSR output file
OBJ    object file for linking
RNO    DSR source file
SIXEL  SIXEL graphics file
SYS    system image file
TJL    log file generated when an unusual event happens
TMP    temporary file
TPU    TPU editor command file
TXT    text input file
UAF    user authorization file