Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Dialup BBSes :: v2_hack.txt

ViSiON: ViSiON/2 backdoors and ways to hack it




              ®The árotherhood of Gíds and âetards¯
                            ®present¯
               "ViSiON/2 Backdoors and Ways to Hack it!"
                    by Son of the Evil Hacker
                            02/19/94

        I don't know how many times that I have seen people say they have a
cool bbs just because they have cool bbs software.  I have called many boards
that were running my personal favorite (Vision/2) and the board REALLY sucks!
This not only makes the board look like shit, but it makes the area code and
the software itself look bad as well.  Well, I am here to help you crash that
shitty vision/2 board in your area code.

        Vision/2 has alot more backdoors than you think.  Crimson Blade (The
Author of the Software) has to somehow down unregistered boards so he has to
make a couple ways for "his people" to get in and down the board.

        As you probably know, vision/2 .84á has come out.  Well, it is very
buggy and has some problems in it.   First off,  If your trying to hack a
registered vision/2 bbs, and they have the latest vision/2 .84 <Sub Version-L>,
then this backdoor WILL NOT WORK.  But I know at least 30-35 boards that are
still running vision/2 .72 or even vision/2 .84 beta <Sub Version A or B> that
somehow got distributed.. Well, this back door will work with those.

        Okay, now to the fun part.  Vision/2 has a little utility to import
text files <menus, stat screens, etc..> so your bbs can type out some stat
screens as you logon or type some groovy ansis out and show your board off.
Well.. there is a little bug!!  You can change your prompt to import a file
as well!

        Here is how you do it:  First make a fake account, you never want to
use your own alias.  After getting to the main menu, you want to Configure
your settings (Normally the command is K).  Here you can change your real
name, number, colors, and your prompt.

        Ok, choose to edit your prompt!!  This command should be X!  After
Hitting X, you should get this:

------------------- -  --
| Prompt Configuration....
-------------------  -  --

|MN: Menu Name
|TL: Time Left
|TN: Current Time
|DN: Current Date
|CR: Carriage Return
|01-|15: Foreground Colors
|B1-|B7: Background Colors

Current Prompt:
>-------- Main Menu
-------- 9999

Enter New Prompt (CR=No Change  D=Default Prompt)
:

Okay, The command to import a text file is: %%<Drive:\Path\filename.ext>
To find the vision/2 path, type out the autoexec.bat which would look like
this:

:%%C:\autoexec.bat

You should get something like this:
@echo off
C:\stacker\check /wp
SET PATH=C:\;C:\QEMM;C:\FD;C:\SCAN;C:\DOS;C:\WINDOWS;C:\STACKER;
SET FD=C:\FD
SET DSZLOG=C:\VISION\XFER
BNU /L2=19200 /F+
PROMPT $p$G
BBSRUN.BAT

Save this prompt? yes NO!

Okay, you should look in the path and/or the dszlog setting to find the v/2
main directory.  This dudes drive happens to be C:\VISION.  If he didn't
have the SET DSZLOG line there, try %%C:\bbsrun.bat and you will get the
drive name there.  Most sysops have the bbs come up off of booting, so there
HAS TO be a batch file or something of that sort to bring up intermail or
frontdoor.

Now, you dont wanna save this prompt, so dont say yes >:D

Now, for the fun part, you should now go back to the prompt editor now that
you know his vision/2 path!  So, his X back at configuration menu:

------------------- -  --
| Prompt Configuration....
-------------------  -  --

|MN: Menu Name
|TL: Time Left
|TN: Current Time
|DN: Current Date
|CR: Carriage Return
|01-|15: Foreground Colors
|B1-|B7: Background Colors

Current Prompt:
>-------- Main Menu
-------- 9999

Enter New Prompt (CR=No Change  D=Default Prompt)
:

Okay, now you have his vision/2 path, your halfway there! Now for the fun part:
Now, the normal setup for vision/2 is to have your data path off of your main
vision/2 path.  In this case it would be C:\VISION\DATA
Now, what do you think you wanna type out?!?  Yep!! His Userlisting.. Here is
the command:

:%%C:\VISION\DATA\USERS.

You should now be getting garbage <of course, by now you should have started
capturing (:>  And then you get everyones numbers, passwords, and user
bullshit.  You *DO* have to hit enter while viewing it to get more input, and
again DONT SAVE THIS PROMPT!  Next file to view is, of course, The config.bbs!
Here is the command:

:%%C:\VISION\CONFIG.BBS (Yes, this file is in the main vision/2 path>

and you should be getting the dos/sysop/new user/system passwords..etc..
Also you will get the times of chatting, and where the bbs is located..etc..

With this information, you should take apart the userlisting, and pull out all
the shit.. it is listed like this:

<Alias> <Real Name> <Password> <Phone number> <User Note> <Bullshit like flags-
and other bullshit like prompt and security level>

This is a little hard to decode, cuz some people have some weird ass passwords
and sometimes, some ansi codes get in there and can delete one or two
characters..

After you have the dudes dos password, and all that bullshit, here is how to
Crash the board:

Logged in as the sysop, goto the file section.. then enter the file sponsor
area (This command is normally %) and then you delete every file in batches
of 20.. if you try to tag more than 45, your gonna run out of his memory and
end up locking the board with a message "4064k Memory not available" or
something like that.  delete each file and when it asks to confirm each
deletion, hit NO.. then when it asks to delete file itself, YES, and take
away peoples file points if you wanna be stupid <the board will be gone anyway>
Now, after deleting every file <some will definately not be undeletable> then
start killing the file areas.  After you have killed all 30-40 then keep on
going!  It will be like: <Delete this sub?  Dsld;fskjglksjdg> and keep
saying yes for about 5-10 more times.. this will not only fuck up all the
data files, but will acually start deleting PATHS not even specified <Sometimes
deletes the dos path, others it deletes the vision/2 path>  Now, if you want
to definately delete one of these paths, with the old autoexec.bat you have,
you can MAKE A NEW AREA <Before you killed them all of course> and specify
the path as C:\dos or C:\windows or whatever you want <I like to delete C:\im
because that takes weeks to re-setup>  Anyways, after you have chosen a
directory, you want to "ADD FILES BY BATCH" This command is W normally!
Just keep hitting enter leaving no files left, and then just delete them
like you did the other files >:D Works great.

Once you have the sysops account, you can add files by batch and then delete
them all.. Or -- If they got some files you like, lay low, make some more
accounts <M at the sysop menu which is normally accessible with the % from
main menu> with 32767 access and a timelock, and then you can just download
for 9999 minutes for as long as you want <or as long as you get caught>

Anyways, after your done doing what you wanna do, delete the system and error
logs by D and K from the sysop menu!  If you downloading anything you
shouldn't have, or used the sysops account to do so, delete the xfer. file!
The path of this file is the "SET DSZLOG=C:\vision\xfer." line in the
autoexec.bat!

NOTE:  If you delete all areas, and try to enter the file areas, it will
lock up and the logs will be screwed.. so if your gonna do that, delete the v/2
data and main directory if you can!

Second method:  If they have doors, and you have sysops access, make a new
area and upload shell.bat and doorway.exe <You can get those on any v/2
support board> into the c:\vision\doors directory.. then make a new door
<M from the main menu> and for the batch file, put shell.bat.. then, run the
door and your in dos >:D  Wonderful little trick.

If you have any questions,  You can contact me on The Body Chop Shop.  The
number is 703-356-1782.  If you are interested in vision/2 registration,
I can help you with that, as well!  Just leave me mail, and send $30 to
the address I reply.  And you will have a registration key in a couple
days.  Hope to hear from you soon

Hope all those shitty vision/2 boards in your area code are fun to hack!

                                    Later fellas,

                                Son of the Evil Hacker [BGR]




TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH