    ͹͹
   -  a sIMPLE wAY tO hACK pCBOARD aND sUCCEED  -
                     An eMC TeXT SPReaD By Sniper
                                      

   In the past few months many sysops have turned away from FORUM  
   HACKS to Pcboard. Why you might ask? Well it is a very simple   ޳
   question to answer. Pcboard is 100% more configurable than any  ޳
   FORUM HACK out there. Anybody with a little programing backround޳
   can write their own PPE's. Many of the authors have included    
     backdoors in their own PPE's to prevent sysop's to get away
    with not registering. Now here where I come in.  I am running    
    a board of my own (PCboard of Course) and I go into PWAFV where  
    it asks for a file name, so I just tried to type any file from   
    there. (Ex. %C:\SHIT.TXT) To my surprise THe file was typed!!!   
    to the screen, but that's nothing. I Logged onto The Deep, A     
    305 Phoenix board, And paged Great White the sysop. So I told    
    him about that little BUG(?) in PWAFV and at the time he was     
    setting up Slogon 2.0 from ViGilante, I told him he could put    
    it in a Script file so that the board would run it. That's where 
    it came together, Slogon writes a textfile for the AUTOMESSAGE.  
    If you plug in %C:\PCB\MAIN\USERS in the AUTOMESSAGE when you    
    Logoff, you can call back and when you get to see the            
    AUTOMESSAGE what you see is the USERLIST with all the users      
    PASSWORDS including the first one the sysop's account. From there
    you hang up, call back, and logon as the sysop and when your at  
    the main menu run 9 and go to DOORWAY from there do what you     
    think would be nice. Another way is to run a PPE from the AUTO-  
    MESSAGE. Instead of the % you enter !C:\PCB\PPL\EXAMPLE.PPE      
    you could run a USER EDITOR, or whatever tickles your dick.      
                                                                     
    To the Sysops that run Pcboard, Well any PPE that lets a user    
    input text and then display it is a risk. Just go through your   
    PPE's and check them out. As for Slogon 2.0 Just edit LINE 2     
    of SLOGOFF.CNF so that it doesn't include the AUTOMESSAGE as a   
     choice to the users. I already tried to execute and display files
     from the DIR.LST file and it didn't work and I also tried it from
     PWA's AUTOSIG Utility, And a few other PPE's and it didn't work.
     But there are plenty more PPE's that have this fault.


     If anybody finds any other BACKDOORS please write to me at
     sniper@cybernet.cse.fau.edu

     Greets go out to   Fatal Error = Your the best Courier around
                                      keep up the good work. ;-)
                        Great White = Thanks 
                         Lost Rider = What happened to PNX ??
                          WiLDCHiLD = Fix it fast!!
                    The Speed Racer = What's Next?
                        The Untimed = Cant we all just get along?
                           BASiLiSK = Thanx for the release.  
                           
                           July 15, 1994  (c) eMC.
          THe eLiTe MaFia oF CRaCKeRZ  
                            Wana Be A Disto Site
               Fill out the application EMC-APP.EXE Damnit!@


                               
                                 
                              
                                 


