Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Antique Systems :: hp3000.txt

Hacking the HP3000




          Hacking on the run
                vol. I
                  By:
        -x-x-x- Eastwind -x-x-x-

   Okay in this volume I'm going to
ramble on about hacking the HP 3000
series mini-computer... Don't let the
mini part fool you, these computers can
have some real power, and the fact that
they were put online means they have
something worth looking at...

 Identifying an HP 3000 is easy as they
have one of the most unique logon
screens that I've seen...
 The only prompt you see is a colon.
Typing garbage at the prompt will get
you a message something along the lines
of :

EXPECTED HELLO USER.ACCOUNT [JOB,GROUP]
or CMD

 This verifies beyond a shadow of a
doubt that you've found an HP...

 The logon sequence on a 3000 look
something like this -->

Hello Username.Accountname 

Sometimes there is a group name
attached like this -->

Hello Username.Accountname,Group

  There is a separate password for each
part of the system, (ie. one for the
management one for the supervisor, one
for the mail base...), and to access
the files in each one you have to have
the account name, the user name, and
sometimes the group name, plus if there
is a password assigned to that account
you have to have it too, one for each
of the three names...[User, account,
and group].

  In a second I'll tell you the
backdoors and a little more about
getting on but first a few commands to
make life easier once you get on...

LISTF <-- this lists all the files in
that account

HELP <-- invokes the help facility,
would be a good idea to look through
this pretty thoroughly

EXAMPLE <-- this will give you an
example of how to implement any command
that you specify after the EXAMPLE
command ie. EXAMPLE MOUNT

BYE <-- this is VERY important ! If you
don't logoff an account on an HP it
will keep that account open even when
someone else calls back. It would be
very easy to get caught that way by
having people logon and notice that
their account was open when they hadn't
even used the modem for days...

HELLO <-- part of the logon sequence,
it can be issued while online to enter
another account. CAUTION - when you
enter this command you will be logged
off the account currently logged in
under and you will no longer be able to
issue commands until you relogon. This
command is great to go from account to
account w/o having to hang up.
   <NOTE> Too much account hopping in
one session is VERY dangerous as there
are often resource traces on the system
that log the actions of users.

LIST <-- if the account is a text-file
it can be read using this command, I'm
not exactly sure how to tell what type
of file is what as they usually have no
extensions. You can't hurt the computer
by LISTing a non text file but it may
take quite a while to clear completely
  ---> NOTE <--- I have found that some
of the older versions of the HP
op-system do not have the built in
command to list a phile, and that they
must run a program called LIST... So if
when you type LIST nothing happens or
you get an error then try to RUN LIST,
It should ask you for the file name to
list and then you can tell it what to
call it...


  Well that's the basics for now.
There'll be more further on...[This
isn't going to be a schluck phile, this
is quality stuff]... 
  Okay now we need to get on the
system... Here's what you do:

 At the colon prompt type -

HELLO FIELD.SUPPORT,PUB


This is the backdoor to most HP 3000.
Unfortunately it is locked off or
removed by some worldly wise System
managers...(More on this in a sec.) If
it is then try this one -->

HELLO MANAGER.SYS,PUB

This is the manager's account and it
will usually be protected by a User
password and an Account password. These
will be invaluable later since most
managers hate to memorize more than a
few passwords and they need to have
access to more than a few accounts.
I can't really help you on hacking the
passwords. That's usually where
guesswork and intuition come in,...
Sorry...

  Now for the standard back-door -->

HELLO FIELD.SUPPORT,PUB

 This account if present should have
system manager capabilities and you can
make a new account of your very own.

This is the procedure for making a new
account -->

NEWACCT GREEN.GRILL;PASS=WILDERUN
NEWUSER GRILL.GREEN;PASS=SWARD
ALTACCT 
GREEN;PASS=WILDERUN;CAP=AM,SM,GL,AL,PM,S
F,PH,OP

(the ALTACCT...OP all in one line)
after each line hit a <CR> and then 
type the next... A note about the
abbreviations in the last line, these
are your capabilities on the system, to
see all the possible combinations of
letters mess up and type something that
has more than 2 letters and 
you will see something that says -->

EXPECTED ONE OF THESE [
AM,DF,ER,DE,WQ,AS,DS,XZ,ZX,CV,VC,VC,VC,FG,RF,TY,UH,JU,KM,NM]

   Those are just examples, and each
system may have its own variations of
extra ones that add special
capabilities, so look at this once or
twice and then try to make a really
powerful account by including all of
these in your ALTACCTstatement... 

  NOTE --> If you decide to hack an HP
3000, try this account first and if you
get in then leave me some mail in the
form of a basic program that just tells
me who you are (handle of course) and
when you get on, go and make your own


 An HP 3000 has a few problems or at
least it seems like it from a hackers
view. You see once you get on with your
very own account, you still can't see 
any files no matter how powerful you
are. What you must do is to logon under
the different accounts on the system to
see what each person has to look at...
 There are ways to get around this I am
learning, but it's too much for a first
time type of thing, so call back
later...
 To get a listing of all the accounts
on the system use this command -->

LISTACCT 

 This will be a Mega-Long list and 
might keep your computer tied up for a
few hours depending on how many 
accounts there are...

  What you'll see looks something like
this -->


A =  BUDGET  
041125 042107 042524 020040 155403
000613 000000 000000 BUDGET..........
046507 051040 020040 020040 041125
042107 042524 020040 MGR.....BUDGET..
000000 000226 000000

  the A signifies that you are looking
at an account, and the line of dots
contains a password, if there is more
than one word in the dots then try each
of them until one works. This is the
account password... Lord only knows 
what the numbers mean...

 To get the user name and password then
type this -->

LISTUSER .BUDGET 

 This should give you a list of all 
users on that account. TRe format of
this listing will be much the same as
the one for the account listings except
the A will be replaced with a U... The
password is in the same place as
before...

 In case the account requires a GROUP
name and GROUP PASSWORD then you get
that like this -->

LISTGROUP USERNAME.ACCOUNTNAME,

Replace USERNAME and ACCOUNTNAME with
the appropiate names for the account 
you are interested in...

 You can now do this with any accounts
yu like and look into any accounts 
that might interest you...

 You now have about total control over
the HP 3000. Look around, and play with
things, BUT don't screw up and ruin
anything...
 There are five languages on the 
HP 3000 standard and th
play with, but it's dangerous to use 
them unless you know how to program in
them because your terminal will be
expecting a valid command and you might
not know what it is and have to leech
logoff and that can mess up the
system...

  A couple o' notes to think on -->

 Sometimes the processor stops for up 
to 45 seconds at a time, this is to
service all the other users on the
system, you can allocate more time for
your account but that's for a later
phile... So don't get paranoid and hang
up just cuz the system is doing 
more than one thing at once... It will
usually service the other users even if
they aren't logged in, but getting 
around that is for another phile also.
 The word processor on some older HP's
is the TDP program. To run it type -->

RUN TDP.PUB,SYS

If that file can't be found then 
type-->

RUN HPWORD and see if that gets any
results...

  ---> SPECIAL TACTICS TO USE IN THE
EVENT OF MASSIVE FRUSTRATION <---

  An HP3000 is easily interrupted by an
emergency interrupt done by your
friendly Bell operator. (Note that it 
is illegal to make an emergency
interrupt except in the case of an
emergency.) [That was a disclaimer of
sorts. So now I'm off the hook for
anything you do under my guidance...] 
So anyways when the HP3000 drops a
person from the modem w/o a valid 
logoff sequence it may hold the account
valid for hours. In fact I have
accidently cut my power in mid LISTACCT
and come back about 2.5 hours later and
found it still ready to list...
(Seriously...) So when you cut someone
off get ready to call and logon under
their name as quickly as possible...


 Like I said before if you can get on a
system then make the  GRILL.GREEN
account and leave a BASIC program full 
of REMs that tell when you set up the
account and who you are. If you logon 
to an HP3000 that has this account then
leave your own REM listing.
To do this type -->

BASIC

Then enter the program and SAVE it ... Then type EXIT and LISTF
all the files to make sure yours is
there...

   Have phun ....
                          - Eastwind

CALL THE CLLI CODE AT 718-279-1110
SYSOPS: LORD MICRO
	LUTHER



TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH