This is a 9x system, restricted to authorized persons and for
official 9x business only. Anyone using this system, network or data
is subject to being monitored at any time for system administration and
for identifying unauthorized users or system misuse. Anyone using this
system expressly consents to such monitoring and is advised that any
evidence of criminal activity revealed through such monitoring may be
provided to law enforcement for prosecution.
Author : OneThought
Subject: Hacking the HP3000/MPE Platform
There have been several write ups written in the past about the
MPE operating system and how to hack it. To me many of these are
out of date with the times or havent gone into certin aspects of
the MPE-iX OS. To start this off i am going to shatter the myth
right now that the MPE is a out of date operating system and is
"not worth hacking" a phrase i have heard more then once now a
days. The HP3000/MPE OS is still ideal for a small work place of
10-15 terminals, several of these servers networked together creates
a powerful accounting and work system , Infact the MPE OSes latest
version was released in 1995 (MPE-iX 5.0) and is already being picked
up by several companies. Right now you are asking yourself "Why should
i hack a HP3000?". Besides being a fun system to navigate around, in
many cases HP3000s have some very good information inside of them.
Credit Card #s, Employees personal information, Payroll files are
all kept on HP3000s.
#Finding a HP3000.#
When it comes down to finding a HP3000 your options are limited.
Your best luck will definetly be scanning business exchanges, However
you may also find a few inside the network information system of some
unix boxes on the net. You will know when you have found one by the
MPE XL: Prompt on older MPEs,MPE/iX, or MPE/V. If you are unsure of
one being a HP3000 simply type some random letters at the prompt and
press enter. If it is truely a HP3000 you will get the message
"EXPECTED HELLO COMMAND".
#Getting inside.#
If you are attempting to hack a unsecured HP3000 then factory
defauts will suffice most of the time. The following is a list
of default accounts and some password protected accounts.
Use the following default accounts listed above to login as
souch.
:HELLO MGR.SYS,PUB
Login Command: HELLO
Username : MGR
Account name : SYS
Group Name : PUB
When trying account and user names sometimes you will get the
message "ACCOUNT EXISTS, USERNAME DOES NOT". This means that you
have enterd a valid account but not a valid user name. The same
goes for "ACCOUNT/USERNAME EXIST BUT NOT IN HOME GROUP". Here
you must include a valid group name with the login account name
and user name.
*Note The group name is not required to be typed at the login prompt
most of the time.
#Barriers that will stand in the way of gaining access to a HP3000.#
Terminal password. Sometimes you will log in on a default account
and then recieve the prompt
TERMINAL PASSWORD:
The terminal password is a eight bit alpha password that is not
a normal feature of HP3000s, But some system administrators request
it being on a new system. The only way to get by this is a brute
force attack, or going out and doing some field work i.e trashing
at the companys location,social engineering, etc etc.
Another problem you may run across is a terminal that will not
accept logins from certin accounts. When running into this you will
need to find another account that can login on that terminal.
Case in point:
CONNECT 9600/ARQ/V32/LAPM/V42BIS
MPE XL:HELLO OPERATOR.SYS
HP3000 RELEASE: B.40.00 USER VERSION: B.40.00
FRI, JUN 28, 1996, 6:11 PM
MPE/iX HP31900 B.30.45 Copyright Hewlett-Packard 1987.
All Rights Reserved.
YOU ARE AT A TERMINAL THAT
YOU ARE NOT ALLOWED TO USE
SO NOW I LOG YOU OFF.
END OF PROGRAM
CPU=1. CONNECT=1. FRI, JUN 28, 1996, 6:11 PM.
NO CARRIER
Something else you may run into is closed sessions. This means that
at that time the system cannot create a new session for a number of
reasons, Maximum of users are already signed on or logins are not allowed
at that time. The best thing to do when running into that is to try again
every few hours till you are allowed to start a new session.
The last thing i will cover when it comes to barriers on HP3000s
is the VESOFT add on. I will not go into this in depth but just give
you a rough over view. First off to identify a system running VESOFT
you will have MPE/V: as your prompt. There will be no default accounts
on this system, if you get in by other means it will be extremly
restrictive and secure. Your best hope here is to give up.
The first thing that you will want to do once inside is find out what
access (if any) that you have. This is done by doing a LISTACCT.
Case in point:
:LISTACCT
********************
ACCOUNT: <What ever acct you are>
DISC SPACE: 0(SECTORS) PASSWORD: **
CPU TIME : 2(SECONDS) LOC ATTR: $00000000
CONNECT TIME: 2(MINUTES) SECURITY--READ : ANY
DISC LIMIT: UNLIMITED WRITE : ANY
CPU LIMIT : UNLIMITED APPEND : ANY
CONNECT LIMIT: UNLIMITED LOCK : ANY
MAX PRI : 150 EXECUTE : ANY
GRP UFID : $055E0002 $0AC53AD3 $0055A7BE $2C052855 $04A775F1
USER UFID: $00000000 $00000000 $00000000 $00000000 $00000000
CAP: AM,ND,SF,BA,IA
Most of this is self explanitory. The imprtant part to look at
is the CAP: section. Here is the capeability list needed to understand
what access you have.
Abrev. Capeability.
SM System Manager
AM Account Manager
AL Account Librarian
GL Group Librarian
DI Diagnostician
OP System Supervisor
NA Network Administrator
NM Node Manager
SF Permanent Files
ND Access to nonsharable I/O devices
UV Use Volumes
CV Create Volumes
CS Use Communications Subsystem
PS Programmatic Sessions
LG User Logging
PH Process Handling
DS Extra Data Segments
MR Multiple RINs
PM Privilaged mode
IA Interactive Access
BA Local Batch Access
Now compare the chart i have just included with what ever
account you have. This will dictate what privilaged commands
you may be able to execute as i will describe later in this file.
#Making yourself an account#
Making yourself an account requires SM or AM access. On some ocasions
you will not be able to make an account with AM access if the System
Manager has modified your account. You will be able to give your new
account equal access as the one you are on when making it.
Case in point:
:NEWUSER <User id> <Group Id> <Password>
The same can also be said for the following commands..
:NEWGROUP <Group ID> *Creates a new group, very noticeable
:PURGEUSER <User ID> *Delites a user
:PURGEGROUP <Group ID> *Delites a group.
#Time to look around.#
You now have hopefully created a new account and know what access
you have. Now it is time to check the system out. First you will need
to know how to use the help file, as HPs may differ from version
to version. Type HELP <item you need help with> and it will bring
up other words to look at or a section of the help file. Do NOT type
HELP as the entire MPE manuel will be scrolled on the screen, Taking
aproximetly 18 minutes to be fully scrolled.
To find out how big this system is and what devices are available
type..
:SHOWDEV
LDEV AVAIL OWNERSHIP VOLID DEN ASSOCIATION
To download use :DOWNLOAD <device>,<file>
*Refer back to SHOWDEV to figure out which device to use on the system.
#Other useful and not so useful commands#
SHOWCATALOG = This command will show commands unique to that system.
Case in point:
:SHOWCATALOG
SYSUDC5.UDC.SYS
SPENTRY SYSTEM
EDIT SYSTEM
COBOLII SYSTEM
ED SYSTEM
KSAM SYSTEM
COBEDIT SYSTEM
SJ SYSTEM
FORMSPEC SYSTEM
ENTRY SYSTEM
SO SYSTEM
SM SYSTEM
FREE5 SYSTEM
SH SYSTEM
L SYSTEM
QUAD SYSTEM
MPEX SYSTEM
MPEXLOGON SYSTEM
QEDITOR SYSTEM
GOD SYSTEM
JOBMASTER SYSTEM
SJ SYSTEM
SJJ SYSTEM
SJS SYSTEM
QUIZ SYSTEM
QUIZR SYSTEM
CONVRPO SYSTEM
QUICK SYSTEM
COGHELP SYSTEM
PHINIT12 SYSTEM
PHSRVN SYSTEM
PHSRVS12 SYSTEM
PHSRVS SYSTEM
CVRPO12E SYSTEM
SETPOWERHOUSE SYSTEM
RESETPOWERHOUSE SYSTEM
PHRUNPROG SYSTEM
PHRUNINTERBASE SYSTEM
GBAK SYSTEM
GCSU SYSTEM
GDEF SYSTEM
GDSCSERVER SYSTEM
GDSRSERVER SYSTEM
GDSLOCKPRINT SYSTEM
GDSRELAY SYSTEM
GFIX SYSTEM
GLTJ SYSTEM
GPRE SYSTEM
GRST SYSTEM
GSEC SYSTEM
GSTAT SYSTEM
ISCINSTALL SYSTEM
QLI SYSTEM
SETINTERBASE SYSTEM
RESETINTERBASE SYSTEM
PLISTF SYSTEM
FINDDIR SYSTEM
FINDFILE SYSTEM
LISTDIR SYSTEM
DISCUSE SYSTEM
SH SYSTEM
HPMPETOHFS SYSTEM
HPLISTFCLEANUP SYSTEM
HPPARSEFEQ SYSTEM
REPORT = Lists CPU allocation, disk allocation, disk volume, and
connect time for your group.
SHOWJOB = Lists all users and their group information along
with their session number and the availability to accept messages in
the form of QUIET for not being able to accept messages.
SETMSG ON/OFF Sets your availability to recieve messages.
TELL <Job>,<User>.<acct>; Message Sends a message to someone signed on.
#Logging off#
To log off just type BYE or EXIT at the prompt. You will then recieve
this logoff message..
:BYE
CPU=43. Connect=33. SAT, JUN 29, 1996, 1:03 AM.
NO CARRIER
#Conclusion#
I hope this file will spawn possible intrest once again in HP3000s
and the MPE Platform. HP will continue to support the MPE platform
for a very long time and with the extensive business software and
porting of unix to MPE systems you should expect to see these systems
for a few more decades. Greets to Black IC for his VESOFT write up
and to The Underground Consortium for their Hewlet Packard support.