mirrors
/
phrack
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
phrack/phrack42/6.txt

328 lines
11 KiB
Plaintext
Raw Permalink Blame History

==Phrack Magazine==
Volume Four, Issue Forty-Two, File 6 of 14
A User's Guide to XRAY
By N.O.D.
This file was made possible by a grant from a local
McDonnell Douglas Field Service Office quite some 'tyme'
ago. This was originally written about version 4, although
we are pretty sure that BT has now souped things up to version 6.
Everything still seems the same with the exception of a few
commands, one of which we will point out in particular.
Any comments/corrections/additions/updates or subpoenas
can be relayed to us through this magazine.
XRAY is a monitoring utility that gives the user a real-time
window into a Tymnet-II node. Used in tandem with other
utilities, XRAY can be a very powerful tool in monitoring network
activity.
In this file we will discuss key features of XRAY and give command
formats for several commands. Some commands are omitted from this
file since they can only be used from dedicated terminals. Several
others are likewise omitted since they deal with the utilization of
XRAY in network configuration and debugging the actual node code, and
would probably be more damaging than useful, and commands to reset
circuits and ports are similarly missing.
ACCESS
The most obvious way to access XRAY is to find the username/password
pair that either corresponds to the host number of an XRAY port, or
is otherwise in the goodguy list of a particular node.
XRAY can also be accessed through the DDT utility by typing
?STAT
Either will respond with the following
**X-RAY** NODE: XXX HOST: ZZZ TIME: DD:HH:MM:SS
If all ports are currently in use the user will only be allowed access
if his/her is of greater precedence in the goodguy list than that of
someone previously online. In such a case, that user will be forcibly
logged out and will receive the following message:
"xray slot overridden"
Otherwise the user will see:
"out of xray slots"
XRAY users are limited in their power by the associated "licence" level
given them in the XRAY goodguy list. The levels are:
0 - normal
1 - privileged
2 - super-privileged
There are several user names associated with the
XRAY utility. These exist on almost any network utilizing
the Tymnet-II style networking platform.
PRIORITY USERNAME
2 XMNGR
2 ISISTECX
2 XNSSC
1 TNSCMX
1 TNSUKMX
1 XSOFT
1 XEXP
1 XCOMM
1 XSERV1
0 XRTECH
0 XTECH
0 XOPPS
0 XSERV
0 XRAY
COMMANDS with parameters in <brackets>
HE Help
Use this command to display the commands available for that
particular node.
GP Get power <security string>
This command allows the user to move up to the maximum security
level allowed by his username, as specified in the good guy
list.
XG Display and/or modify XRAY goodguy list <entry number> <P/M>
This command without parameters will display the XRAY goodguy
list. When added with an entry number and 'P' (purge) or
'M' (modify), the user can edit the contents of the table.
The XGI command will allow the user to enter a new entry
into the list. Any use of XG or XGI to alter the list is
a super-privileged command and is audited.
>XG
XRAY GOODGUY LIST
NO. PRIV OVER NAME
---- ---- ---- ----
0001 0002 00FF TIIDEV
0002 0001 0030 RANDOMUSER
0003 0000 0000 XRAY
>XGI
ENTER UP TO 12 CHARACTERS OF USERNAME
NOD
ENTER NEW PRIVILEGE AND OVERRIDE - 2,FF
>XG
XRAY GOODGUY LIST
NO. PRIV OVER NAME
---- ---- ---- ----
0001 0002 00FF TIIDEV
0002 0001 0030 RANDOMUSER
0003 0000 0000 XRAY
0004 0002 00FF NOD
BG Display and/or modify Bad Guy List <node number> <R/I>
This command when entered without any parameters displays the
"bad guy" list. When used with a node number and 'R' it will remove
that node from the list, and 'I' will included. The 'R' and 'I'
features are privileged commands and usage is noted in audit trails.
>BG
2000 701 1012
>BG 2022 I
2022 2000 701 1012
HS Display host information
ND Display node descriptor
This command displays information about the node and its network
links.
NS Display node statistics
This command displays various statistics about the node including
time differentiations in packet loops, which can then be used to
determine the current job load on that particular node.
KD Display link descriptor <linked node>
This command displays the values of the link to the node specified.
This is displayed with columns relating to type of node (TP), speed
of the link (SP), number of channels on the link (NCHN), etc..
KS Display link statistics <up to 8 node numbers>
This command provides a report on various factors on the integrity
of the link to the given node(s), such as bandwidth usage, packet
overhead, characters/second transmitted, delays in milliseconds, etc.
BZ "Zap" link to node <node number>
This command will cause the link to the specified node to be
reset. This command is privileged and is audited. If the node
"zapped" is not currently linked a "??" error message will be
displayed.
TL Set/Reset trace on link <node number>
TN Set/Reset trace on line <node number>
TM Display trace events <B(ackground) / F(oreground)>
These commands are used to display activity between two active
nodes.
AC Display active channels <starting channel> <range of channels>
This command will display all active channel numbers for the given
range starting at the given channel number. Range is in hex.
QC Query channel status <channel number>
This command displays information about the given channel,
including throughput speed, source and output buffer size and
address location.
TC Enable/disable data trace on channel <channel number> <0/1>
This command with no arguments displays the channels
that are being diagnosed by the trace. The command with
a channel number and a '1' will enable data trace for that
channel, and a '0' will disable trace on that channel. Enabling
or disabling trace is a privileged command.
TD Display channel trace data in hex <count> <I/O>
TE Display channel trace data in hex including escapes <count> <I/O>
TA Display channel trace data as ASCII <count> <I/O>
With these commands trace data is displayed for a specified
time count. A prefixed 'I' or 'O' will show input or output
data. The default is both.
>ta 5
I/O CHN TIME
OUT 0040 ECC5 \86\86\0F\00\8A\80h\80\8CS\83valinfo;
IN 0040 EC87 \00\09\86\86\0D\08\00\00h
OUT 0040 0F67 \86\86\0E\00\880\8D
IN 0040 1029 \00,\86\86\09\86\00\00\90\1B\19\80 \06\86\00\00h
\15\1B\08J\04\0B\04\0F\04=\0DR\80JS\80\80
\8CVALINFO\8D
OUT 0040 102F \86\86\14\89p\90\1B\19\86\86\14\89j\18\15\13
**Note: Although this will allow one to follow the network connections
on specific channels, password data is filtered out. As you
can see from the above example, usernames are not. Many
usernames do not have passwords, as you all know. **
On more recent versions of XRAY a similar command "DR" performs a
similar function to the trace commands, but shows both hex and
ascii of the data in memory registers of the node.
>DR
I NOS 0001 A0 *
I SND 0001 A1 * !
I DTA 4920 616D 2061 6E20 6964 696F 7420 6265 *I am an idiot be*
0002 9D63 6175 7365 2049 206C 6566 7420 * cause I left *
6D79 7365 6C66 206C 6F67 6765 6420 696E *myself logged in*
2061 6E64 2077 656E 7420 686F 6D65 2E0D * and went home. *
6F70 7573 2520 0D0A 0D0A 0D0A 0D0A 0D0A *opus% *
BS Display bufferlet use statistics
This command shows the current and past usage of the memory
allocated to data buffering. This shows total usage, total peak
usage, and available buffer size.
RB Read buffer <buffer index>
This command displays the entire contents of the given buffer.
This is a privileged command and its use is not primarily for user
circuits. Primarily.
>RB 69
50 61 72 74 79 20 6F 6E 20 64 75 64 65 21 21 21
WB Write buffer <buffer index>
This command writes up to seven bytes into the specified buffer.
The buffer must greater than 4. This is also a privileged command.
CD Set/reset CRYPTO auto display mode <Y/N>
CL Display CRYPTO log <number of minutes>
CM Display CRYPTO messages by type
SM Enable/Disable CRYPTO messages by type
CRYPTO messages are informational messages about the activity of
the node. Up to 256 such entries are stored in a circular buffer
to record this activity. You can turn on automatic reporting
of these messages with the CD command prefixed with a 'Y' for
on and 'N' for off. Certain message types that become bothersome
can be disabled with the SM command and the message type.
DB Begin delay measurement
DD Display delay measurement statistics
DE Terminate delay measurement
DL Begin data loopback circuit
These commands are used to build circuits for testing the speed and
integrity of data flow between two nodes. The DL command is
super privileged and only one such circuit can be built on
a node at a given time. The data traffic generated by the DL is for
diagnostic use only and can be monitored by viewing node and link
statistics.
PM Measure performance on a channel <channel number>
This command measures the performance of a given channel by
inserting a timing sequence into the packet stream. Once it has
reached the given channel it is returned and a value corresponding
to the total time elapsed in milliseconds is displayed. If the
channel is not active, or no response is returned in 8 seconds the
message "BAD CHANNEL OR TIMEOUT" is displayed.
LE Set local echo mode
RE Set remote echo mode
One would use the set local echo command if the XRAY terminal
is not echoing commands typed by the user. By default, XRAY does
not echo output.
SUMMARY
XRAY is pretty confusing. Be careful with what you are doing
since you are essentially prodding around in the memory of the
node. Think of it in terms of using a utility to poke and prod
the memory of your own computer. Think of how disastrous a
command written to the wrong portion of memory can be. Don't
do anything stupid, or you might bring down a whole network,
or at minimum lose your access.
Reference in New Issue View Git Blame Copy Permalink