| From: | "Robert A. Hayden" <hayden@*******.MANKATO.MSUS.EDU> |
|---|---|
| Subject: | G-004-a: tech, cpu controllers |
| Date: | Tue, 26 Oct 1993 22:51:08 -0500 |
frames,
killer ice, and GigaPulse program sizes is the simple art of convincing a
computer to do something for you, as opposed to forcing it to.
There are myriad advantages to this. The first and foremost is that it
doesn't set off any alarms (assuming you do it right). However, it does have
problems, of course. Otherwise people will still be doing it.
So how do you do this wonderful thing?? Okay:
First you must get to the CPU
Second: You must deceive the CPU into thinking you are a permitted user. This
isn't easy. [Deceiving a node has a target number of 10, and is a resisted
success test. The node gets dice equal to it's rating times (it's level + 1).
An example: A Blue-2 node only gets 2 dice (Rating = 2, Level = 0). A Red-6
node gets 24 dice (Rating = 6, Level = 3).] You can actually do this to any
node, but if you do it to the CPU, it works for the entire system. (Natch,
doing it to only one node only works for that node. Also, until the CPU is
fooled, the check must be made every time you enter the node.) This deception
will last until you leave the system.
Third: Having convinced the CPU you are a local sysop, you can do damn near
anything. HOWEVER: Failure to convince the CPU (or any node) that you are a
valid user will set off a passive alert.
If you've got in, you must think of things to play with. You can activate any
programs the system has on-line. You can run batch scripts, remove files, in
essence, anything a sysop could do at his terminal. Most importantly, you can
get it to do delayed actions. [Executing a command is a Computer test, vs TN of
4. For really tricky stuff, the number could be bumped up.]
Now, this would be fine if the computer was all there was. However, corps being
suspicious folks, often get people to look over things. So, you've got to make
your activity look normal. [ This is a Computer Theory test, TN the sysop's
Comp. Theory. It's resisted by the sysop's Comp. Theory, to which is added the
rating of the CPU, plus it's level. TN is your Comp. Theory.] If it's not
normal-looking, the sysop will do things like come and have a look, all the way
up to logging you out. This doesn't kick you out, but it will stop the computer
thinking you belong, and probably set off an Active alert.
It's not easy. But if you can pull it off, you've got an in on the system. My
all time favourite use for this is making other sysop accounts. ]<<<<<
-- Rising Storm (05:15/5-JUL-54)
Okay, this is a quick sketch of how you can do things like make a system think
you REALLY belong. One other side effect of making the Deception test: You can
ignore node threshold (after all, if you belong, it won't resist you).
Tell me what you think.
--
Robert Watkins
bob@******.cs.ntu.edu.au
************ It wouldn't be luck if you could get out of life alive. ***********
____ Robert A. Hayden <=> hayden@*******.mankato.msus.edu
\ /__ -=-=-=-=- <=> -=-=-=-=-
\/ / Finger for Geek Code Info <=> Veteran of the Bermuda Triangle
\/ Finger for PGP 2.3a Public Key <=> Expeditionary Force -- 1993-1951
-=-=-=-=-=-=-=-
(GEEK CODE 1.0.1) GSS d- -p+(---) c++(++++) l++ u++ e+/* m++(*)@ s-/++
n-(---) h+(*) f+ g+ w++ t++ r++ y+(*)
