If you have an account - or if you go into the computer lab and find someone else's account logged in and abandoned - you can write a simple BASIC program to simulate the login procedures, then leave it running. Here is a very simple example:
10 PRINT "Welcome to Y University Cornputer Network!"
20 PRINT
30 INPUT "Name? "; N$
40 INPUT "Pass? 10; P$
50 REM Now store these two variables in a file
60 REM and logoff from the account, giving an error
70 REM message. Or, use the inputted data to have
80 REM the program login to the system.
90 REM Finally, delete this program.
Remember to program in necessary time de-lays, if it usually takes a few seconds for commands to register. Also remember to have the program print asterisks (or periods, or dashes, or whatever's appropriate) on the screen instead of the user's password.
Sometimes commands are available to users be-fore logging on, like allowing them to see who else is currently logged on. You may or may not be able to program phony responses to a user's queries. The program doesn't have to be extremely elabo-rate, however, as most users will probably just sit down and login right away. You might want to sit around in the computer room awhile and look to see what
commands get used the most, so you will be able to program simulations of them. After the user is done typing his name and password, the program should store the information, and exit out of your account. If you wrote the program in another person's account (like the ones I mentioned finding logged in already) then the
program will have to transmit the data to you somehow < Methods to covertly transmit data are discussed in the chapter "What To Do When Inside.". > After all, once you log out of that account, you won't be able to get back in again. On the other hand, the operating system might allow you to save the file in your own directory if given the right access codes, or if you can make your own account temporarily less secure, allowing others to write to your directory.
Hacker security is very important - you never know what superuser is spying on your activities. Therefore, it would be wise to encode volatile in-formation like other people's passwords before they get stored in a file in your personal directory. I use a simple code, such as storing 13 + ASCII code of each character, with every
other number stored being random. So for the name/password combi-nation SM=RS/RANGERS my program would store 96 90 86 97 85 82 95 96 / 95 78 91 84 82 95 96, with random numbers between each of these num-bers. An expansion of these ideas is found in an up-coming chapter.
