backdoor account for Micro/RSX ? --> follow-up, a bit long

From: Gooijen H <GOOI_at_oce.nl>
Date: Thu Jan 3 01:48:07 2002

Hi all.

Well, what Johnny proposed works almost, but the information
was useful enough to get in. He's the story of yesterday eve.

^Z will pop up the time/date prompt again. Hitting ^C gives
the DCL> prompt. When you enter RUN $ACNT (without the CR
because I was re-reading the e-mail from Johnny again), the
system appends ^U after some 30 seconds and asks again for
the time and date. Again ^C, followed by RUN $ACNT and now with
the CR, gives the response "MCR -- Task active" and the time and
date prompt reappears. So I hit ^Z (according to my notes when
I am typing this, but now I am not sure whether it was ^Z or ^C,
followed by a CR.
To my surprise the screen blanks and the top line shows:

    *** Micro/RSX Account File Maintenance Utility ***
  Account file is now sorted by UIC
  Account Utility options are:
  <the list>

Using the List option it shows just two accounts:

Owner=[001,010]
L_name=MICRO Login_defaults=SY00:[SYSMGR] Password=(ENCRYPTED)
Def_CLI=DCL F_name= Account=#1
Total_logins=39 Session ID=PRV
Characteristics=NOSlave Last_login=14-FEB-97 13:41:51
NODef_Protection Def_dir_string NOSilent

Owner=[201,001]
L_name=USER Login_defaults=SY00:[USER] Password=(ENCRYPTED)
Def_CLI=DCL F_name=A.NEW Account=#0
Total_logins=0 Session ID=USR
Characteristics=NOSlave Last_login=None
NODef_Protection Def_dir_string NOSilent

So, it appears as if the user of this system has always used the
priveleged account. With the Modify option I changed the password
to supervisor and the I terminated the utility. Guess what?
The account MICRO/SUPERVISOR lets me in! This shows up:

Micro/RSX V3.1 BL24C [1,54] System MICROD
2-JAN-02 20:24 Logged on Terminal TT0: as PRV1
Good Evening

       ******************************************
       * Welcome to Micro/RSX *
       * Version 3.1 Base level 24C *
       * This is file LB:[1,2]LOGIN.TXT *
       ******************************************

$ _at_LB:[1,2]SYSLOGIN.CMD
$_at_ <EOF>
$

I entered "SHOW DEV" and this is the result:
TT0: [SYSMGR] [1,10] Logged in Loaded
TT1: Loaded
TT2: Loaded
TT3: Loaded
TT4: Loaded
TT5: Loaded
VT0: Loaded
VT1: Loaded
RD0: Loaded
DU0: Public Mounted Loaded Label=MICRODRSX Type=RD53
      Cached
DU1: Loaded Type=RX50
DU2: Loaded Type=RX50
DU3: Offline Loaded Type=unknown
MU0: Loaded Type=TK50
NL0: Loaded
TI0:
CO0: NL0:
CL0: NL0:
SP0: DU0:
LB0: DU0:
SY0: DU0:

I do not know what DU3: could have been. MU0: is recognized
because the controller is in the system, I presume. At the
rear a 3-row, many (50?) pins male "D"-connector is fitted.
I will open the box this evening.
Here are some questions aI have.
Is Micro/RSX 3.1 an old version? It accepts 2002 without any problem.
Are there special things to look for? What commands do I need to get
the information about the system?
I want to add a DELQA. Can this be placed in any slot?

I finished the proper way: "RUN [1,54]SHUTUP".
That's what I am doing now. The mail is long enough.

- Henk.
Received on Thu Jan 03 2002 - 01:48:07 GMT