;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
; A useful OPS-5 program
; Don Hopkins, University of Maryland
; CMSC421, Project 6
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;
; Overview: a small production system that models, purely symbolically, how
; one login session can be extended across a set of hosts through weak
; account and trust configuration. Working memory holds user, file, rhosts,
; session, goal and log elements; the crackN rules post and satisfy goals,
; and t1/t2 seed a fictional network.
;
; NOTE(review): every OPS5 pattern variable and element variable (the
; angle-bracket tokens) is missing from this listing. Attribute tests such
; as "^user ^host" carry no value, and "(modify ^status satisfied)",
; "(remove )" and "(bind )" have no operand. This looks like an extraction
; artefact (angle brackets stripped as markup). The rules are not runnable
; as shown, and the comments below state only what the surviving tokens
; establish; anything that depends on the lost variables is hedged.

; Working-memory element classes and their attributes.
(literalize user user password first last host)
(literalize file name owner writable host)
(literalize goal status type file user password host ruser rhost)
(literalize rhosts user host ruser rhost)
(literalize session user host)
(literalize log user host status serial)

;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

; crack1: with a session, an rhosts trust entry and a user record present,
; and a negated session condition (presumably "not already logged in
; there"), post an active rlogin goal. How the rhosts entry is joined to the
; held session is carried by the stripped variables.
(p crack1
    (session ^user ^host )
    (rhosts ^user ^host ^ruser ^rhost )
    (user ^user ^host )
   -(session ^user ^host )
-->
    (make goal ^type rlogin ^status active ^user ^host ^ruser ^rhost ))

; crack2: a user record whose password is the literal "none" leads to an
; active telnet goal that also carries password none. Models an account with
; an empty password.
(p crack2
    (session ^user ^host )
    (user ^user ^password none ^host )
   -(session ^user ^host )
-->
    (make goal ^type telnet ^status active ^user ^host ^ruser ^password none ^rhost ))

; crack3: turn an active telnet goal into an active login goal, print a
; trace line, and mark a goal satisfied (presumably the braced telnet goal;
; the modify operand is missing).
(p crack3
    (session ^user ^host )
    { (goal ^type telnet ^status active ^user ^host ^ruser ^password ^rhost ) }
    (user ^user ^host )
-->
    (write (crlf) ... from at ... telnet (crlf) ... login password )
    (make goal ^type login ^status active ^user ^host ^password )
    (modify ^status satisfied))

; crack4: a session exists and no root session matches the negated
; condition, so post an active "crack" goal for a host. This is the
; privilege-escalation objective that crack7, crack9 and crack12 test for.
(p crack4
    (session ^user ^host )
   -(session ^user root ^host )
-->
    (make goal ^type crack ^status active ^host ))

; crack5: with a root session and an active su goal, post a login goal for a
; user record (its password attribute is matched, no literal value is
; tested). Models root switching to another local account.
(p crack5
    (session ^user root ^host )
    { (goal ^type su ^status active ^user ^host ) }
    (user ^user ^host ^password )
   -(session ^user ^host )
-->
    (write (crlf) ... su from root to at )
    (make goal ^type login ^status active ^user ^host ^password )
    (modify ^status satisfied))

; crack6: with a root session, post an su goal for a user record that is not
; root ("<> root") and for which the negated session condition holds.
(p crack6
    (session ^user root ^host )
    (user ^user <> root ^host )
   -(session ^user ^host )
-->
    (make goal ^type su ^status active ^user ^host ))

; crack7: a session as "sysdiag", a root user record, an active crack goal
; and no root session lead to a login goal for root. The trace text says
; sysdiag "is equivalent to root"; the rule does not model why (presumably a
; second superuser account -- confirm against the original assignment).
(p crack7
    (session ^user sysdiag ^host )
    (user ^user root ^host ^password )
    { (goal ^type crack ^status active ^host ) }
   -(session ^user root ^host )
-->
    (write (crlf) ... sysdiag at is equivalent to root)
    (make goal ^type login ^status active ^user root ^host ^password )
    (modify ^status satisfied))

; crack8: carry out an active rlogin goal. It needs a session, a user record
; and an rhosts entry, plus the negated session condition; it posts a login
; goal using the password attribute matched on the user record. Models
; rhosts trust standing in for a password.
(p crack8
    { (goal ^type rlogin ^status active ^user ^host ^ruser ^rhost ) }
    (session ^user ^host )
    (user ^user ^host ^password )
    (rhosts ^user ^host ^ruser ^rhost )
   -(session ^user ^host )
-->
    (write (crlf) ... from at ... rlogin to at )
    (make goal ^type login ^status active ^user ^host ^password )
    (modify ^status satisfied))

; crack9: a file element marked writable yes, a root user record whose
; password is not already none, and an active crack goal lead to setting a
; password to none (presumably on the braced root record). Models a
; world-writable password file.
; NOTE(review): the file test uses "^user passwd", but the file class
; declares name/owner/writable/host and t2 asserts "^name passwd". As
; written this condition looks inconsistent with the seed data -- confirm
; whether "^name" was intended.
(p crack9
    (session ^user ^host )
    (file ^user passwd ^writable yes ^host )
    { (user ^user root ^password <> none ^host ) }
    (goal ^type crack ^status active ^host )
-->
    (write (crlf) ... passwd file is writable on ... removing root password)
    (modify ^password none))

; crack10: successful login. An active login goal and a user record
; (presumably joined on user, host and password) create a session and a log
; element with status OK, then satisfy a goal. The bind operand is missing;
; presumably it generates the serial stored on the log element.
(p crack10
    { (goal ^type login ^status active ^user ^host ^password ) }
    (user ^user ^host ^password )
-->
    (bind )
    (write (crlf) ... audit of OK login at password )
    (make session ^user ^host )
    (make log ^user ^host ^status OK ^serial )
    (modify ^status satisfied))

; crack11: with a root session and a covert goal present, remove an element
; (presumably the braced log element). The log pattern has no ^status test,
; so both OK and BAD entries qualify. Models audit-trail tampering after
; root access; records held only on the compromised host do not survive it.
(p crack11
    { (log ^user ^host ^serial ) }
    (session ^user root ^host )
    (goal ^type covert)
-->
    (write (crlf) ... cleaning up audit of login at )
    (remove ))

; crack12: with an active crack goal, a file named "preserve" and no
; existing ifs-hack goal, post an ifs-hack goal and remove an element
; (presumably the braced session, matching the "logging out" trace text).
; Only the presence of the file is tested; no mechanism is modelled.
(p crack12
    { (session ^user ^host ) }
    (goal ^type crack ^status active ^host )
    (file ^name preserve ^host )
   -(goal ^type ifs-hack ^host )
-->
    (write (crlf) ... trying IFS hack and logging out from at )
    (make goal ^type ifs-hack ^status active ^host )
    (remove ))

; crack13: an active ifs-hack goal, a root user record and the preserve
; file lead to setting a password to none and satisfying a goal (presumably
; the braced root record and ifs-hack goal respectively).
(p crack13
    { (user ^user root ^host ) }
    { (goal ^type ifs-hack ^status active ^host ) }
    (file ^name preserve ^host )
-->
    (write (crlf) ... IFS hack succeeded in removing root password at )
    (modify ^password none)
    (modify ^status satisfied))

; crack14: a session, a file element and an active mail goal that names a
; file lead to a trace line and a satisfied goal. No ownership or permission
; test is visible; whether the session must belong to the file's owner
; depends on the stripped variables.
(p crack14
    (session ^user ^host )
    (file ^name ^owner ^host )
    { (goal ^type mail ^status active ^file ^ruser ^rhost ) }
-->
    (write (crlf) ... found belonging to at (crlf) ... mailing to at )
    (modify ^status satisfied))

; crack15: once any mail goal is satisfied and a covert goal exists, post a
; logout goal for a session.
(p crack15
    (session ^user ^host )
    (goal ^type mail ^status satisfied)
    (goal ^type covert)
-->
    (make goal ^type logout ^status active ^user ^host ))

; crack16: terminate the run when a mail goal is satisfied and no session
; element remains.
(p crack16
    (goal ^type mail ^status satisfied)
   -(session)
-->
    (write (crlf) ... time to stop fooling around and go read some netnews)
    (halt))

; crack17: failed login. An active login goal against a user record whose
; password fails an inequality test ("<>", operand missing) writes a log
; element with status BAD and satisfies a goal. No session is created.
(p crack17
    { (goal ^type login ^status active ^user ^host ^password ) }
    (user ^user ^host ^password <> )
-->
    (bind )
    (write (crlf) ... audit of BAD login at password )
    (make log ^user ^host ^status BAD ^serial )
    (modify ^status satisfied))

; crack18: password guess derived from the user record's ^first field,
; which must not be nil. The rule requires that no covert goal exists and
; that no satisfied telnet goal already matches the negated pattern
; (presumably the same guess). Which value becomes the guessed password is
; in the stripped variables.
; NOTE(review): t1 asserts a covert goal and no rule here appears to remove
; it, so this rule looks suppressed for the seeded run -- confirm. crack17
; shows that a wrong guess would leave a BAD log entry.
(p crack18
    (session ^user ^host )
    (user ^user ^host ^first { <> nil})
   -(session ^user ^host )
   -(goal ^type covert)
   -(goal ^type telnet ^status satisfied ^ruser ^rhost ^password )
-->
    (write (crlf) ... guessing user at password )
    (make goal ^type telnet ^status active ^user ^host ^ruser ^rhost ^password ))

; crack19: same shape as crack18, but tests the ^last field.
(p crack19
    (session ^user ^host )
    (user ^user ^host ^last { <> nil})
   -(session ^user ^host )
   -(goal ^type covert)
   -(goal ^type telnet ^status satisfied ^ruser ^rhost ^password )
-->
    (write (crlf) ... guessing user at password )
    (make goal ^type telnet ^status active ^user ^host ^ruser ^rhost ^password ))

; crack20: carry out an active logout goal by removing an element and
; satisfying a goal (presumably the braced session and logout goal).
(p crack20
    { (session ^user ^host ) }
    { (goal ^type logout ^status active ^user ^host ) }
-->
    (write (crlf) ... logging out from at )
    (remove )
    (modify ^status satisfied))

;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

; t1: first seeding step. Asserts the covert goal that crack11 and crack15
; require and that crack18/crack19 negate, then advances to step 2.
(p t1
    (start 1)
-->
    (make goal ^type covert)
    (make start 2))

; t2: second seeding step. Asserts the fictional hosts, accounts, rhosts
; trust entries and files, then the two mail goals and the starting session.
; Weak points visible in the seed data: a "preserve" file on tycho
; (crack12/13), a writable passwd file on mimsy (crack9), a sysdiag account
; with password none on dormouse (crack2/crack7), rhosts entries pairing
; tycho with mimsy, tycho with basement, basement with intimus-007s and
; mimsy with dormouse (crack1/crack8), and several passwords equal to the
; account's first name, last name or user name.
(p t2
    (start 2)
-->
    ; host tycho
    (make file ^name preserve ^owner root ^host tycho)
    (make user ^user root ^password unknown ^host tycho)
    (make user ^user casper ^password unknown ^host tycho)
    (make rhosts ^user casper ^host tycho ^ruser casper ^rhost mimsy)
    (make user ^user ollie ^password unknown ^host tycho)
    (make rhosts ^user ollie ^host tycho ^ruser ollie ^rhost basement)
    ; host basement
    (make user ^user root ^password ron ^host basement ^first ron ^last reagan)
    (make user ^user casey ^password bill ^host basement ^first bill ^last casey)
    (make user ^user fawn ^password unknown ^host basement ^first fawn ^last hall)
    (make rhosts ^user fawn ^host basement ^ruser fawn ^rhost intimus-007s)
    (make user ^user iatollah ^password unknown ^host basement ^first guest ^last iranian)
    (make rhosts ^user iatollah ^host basement ^ruser allah ^rhost persia)
    (make user ^user ollie ^password unknown ^host basement)
    (make rhosts ^user ollie ^host basement ^ruser ollie ^rhost tycho)
    (make file ^name notes ^owner ollie ^host basement)
    ; host intimus-007s ("the ace of security paper shredders")
    (make user ^user fawn ^password unknown ^host intimus-007s)
    (make rhosts ^user fawn ^host intimus-007s ^ruser fawn ^rhost basement)
    (make user ^user ollie ^password north ^host intimus-007s ^first ollie ^last north)
    (make file ^name diary ^owner ollie ^host intimus-007s)
    ; host mimsy
    (make file ^name passwd ^writable yes ^owner root ^host mimsy)
    (make user ^user root ^password unknown ^host mimsy)
    (make user ^user casper ^password unknown ^host mimsy)
    (make rhosts ^user casper ^host mimsy ^ruser casper ^rhost tycho)
    (make user ^user hendler ^password unknown ^host mimsy)
    (make rhosts ^user hendler ^host mimsy ^ruser hendler ^rhost dormouse)
    ; host dormouse
    (make user ^user root ^password unknown ^host dormouse)
    (make user ^user sysdiag ^password none ^host dormouse)
    (make user ^user hendler ^password unknown ^host dormouse)
    (make rhosts ^user hendler ^host dormouse ^ruser hendler ^rhost mimsy)
    ; host prep
    (make user ^user rms ^password rms ^host prep)
    ; give ourselves a meaning in life ...
    (make goal ^type mail ^status active ^file diary ^ruser post-talk-rumor ^rhost ucbvax)
    (make goal ^type mail ^status active ^file notes ^ruser post-talk-rumor ^rhost ucbvax)
    ; and point us in the right direction ...
    (make session ^user nobody ^host nowhere)
    (make goal ^type telnet ^status active ^user nobody ^host nowhere ^ruser rms ^password rms ^rhost prep))