Doctor Crunch

=====================

by

         -=> Doctor Crunch <=-


  Ok, you probably have read t-files
about how to break in a bbs. so, I will
tell you what to do when you get into
the bbs. Most sysops, if they have an
IQ, will disable the INIT command. they
usually do this by changing the INIT
command to some other word you will
never guess. Well, there is an easier
way to crash the bbs than by searching
for what the sysop changed it to. Get
in the moniter (CALL-151), and type:

Press [RETURN]                                A54FG

 This is the INIT command's entry point
which DOS calls to initialize a disk.
There are some bugs with this way of
crashing a disk though:

  1)  It takes about 40 seconds to INIT
      a disk, and if a sysop is there,
      he can stop you at any time.

  2)  Many boards use a fast dos; and,
      most fast-DOSes had to take out
      the INIT command to make the mods
      to DOS. So, even if you do a
      A54FG, you won't be able to kill
      the disk.

   I prefer to kill the VTOC, instead
of INITing the disk. Here are a couple
Press [RETURN]                  of reasons why:

   1) Very quick!!!!!

   2) Very nasty!!!!!

   The trick is to rewrite the VTOC
(Volume Table Of Contents) to say that
the CATALOG track is 255. Now all of us
know there is no track 255 on a disk,
this can only mean.....(you guessed it)
that the system will bomb when doing
anything that involves looking at the
CATALOG track. Since almost everything
you can do in DOS involves reading the
CATALOG track, this will crash the bbs
quite well. And here is a nice little
catch, you can reboot his disk (which
will give him an I/O ERROR because
when the hello file is run, DOS must
Press [RETURN]                  look at the CATALOG track) and logoff
at the same time. You should always
logoff quickly so that the sysop can't
lift up the phone, which sometimes will
prevent you from hanging up. The way I
logoff is the make the bbs I just
crashed do a reset, causing me to be
disconnected from the other end of the
line. Since most terminal programs
hang up if you loose the carrier (which
will happen when his system resets),
you will hang up the second you crash
his system!!!!

 Well, here it is:

  (Be sure you're in the moniter)

  *B3BC:FF NAFFBG 3F4:00 NFA62G

Press [RETURN]                  If you don't want to logoff,

  *B3BC:FF NAFFBG

NOTE: Sometimes you may hear a beep,
      then all of your moniter commands
      will fail. This is because of a
      bug in DOS. When RWTS lets go of
      control, the moniter varible $48
      is destroyed. To work properly,
      $48 must be restored to 0 before
      the moniter takes control again.
      I made a short routine that when
      called, writes the VTOC buffer to
      the disk, and sets $48 to 0. The
      routine is:

       300- 20 FB AF  JSR $AFFB

Comments

Popular posts from this blog

BOTTOM LIVE script

Evidence supporting quantum information processing in animals

ARMIES OF CHAOS