[ News ] [ Paper Feed ] [ Issues ] [ Authors ] [ Archives ] [ Contact ]


..[ Phrack Magazine ]..
.:: The Black Book of AFS ::.

Issues: [ 1 ] [ 2 ] [ 3 ] [ 4 ] [ 5 ] [ 6 ] [ 7 ] [ 8 ] [ 9 ] [ 10 ] [ 11 ] [ 12 ] [ 13 ] [ 14 ] [ 15 ] [ 16 ] [ 17 ] [ 18 ] [ 19 ] [ 20 ] [ 21 ] [ 22 ] [ 23 ] [ 24 ] [ 25 ] [ 26 ] [ 27 ] [ 28 ] [ 29 ] [ 30 ] [ 31 ] [ 32 ] [ 33 ] [ 34 ] [ 35 ] [ 36 ] [ 37 ] [ 38 ] [ 39 ] [ 40 ] [ 41 ] [ 42 ] [ 43 ] [ 44 ] [ 45 ] [ 46 ] [ 47 ] [ 48 ] [ 49 ] [ 50 ] [ 51 ] [ 52 ] [ 53 ] [ 54 ] [ 55 ] [ 56 ] [ 57 ] [ 58 ] [ 59 ] [ 60 ] [ 61 ] [ 62 ] [ 63 ] [ 64 ] [ 65 ] [ 66 ] [ 67 ] [ 68 ] [ 69 ] [ 70 ]
Current issue : #55 | Release date : 1999-09-09 | Editor : route
IntroductionPhrack Staff
Phrack LoopbackPhrack Staff
Phrack Line Noisevarious
Phrack Tribute to W. Richard StevensPhrack Staff
A Real NT RootkitGreg Hoglund
The Libnet Reference Manualroute
PERL CGI Problemsrfp
Frame Pointer Overwritingklog
Distributed Information Gatheringhybrid
Building Bastion Routers with IOSVariable K & Brett
Stego HashoConehead
Building Into The Linux Network Layerlifeline & kossak
The Black Book of AFSnicnoc
A Global Positioning System Primere5
Win32 Buffer Overflows...dark spyrit
Distributed Metastasis...Andrew J. Stewart
H.323 Firewall Security IssuesDan Moniz
Phrack World Newsdisorder
Phrack Magazine Extraction UtilityPhrack Staff
Title : The Black Book of AFS
Author : nicnoc
-------[  Phrack Magazine --- Vol. 9 | Issue 55 --- 09.09.99 --- 13 of 19  ]


-------------------------[  Black Book of AFS  ]


--------[  nicnoc  ]


----[  Introduction

AFS is commonly deployed as a distributed filesystem solution in academic and
research environments.  This short article serves as an introductory guide to
publicly-accessible resources on AFS.  As always, misuse of this information
by the reader is taken at his or her own peril.

The current incarnation of AFS grew out of research conducted with the Andrew
FileSystem at Carnegie-Mellon University, also home of the CODA distributed fs
research (http://www.coda.cs.cmu.edu/).  AFS is now a commercial product,
supported and sold by the Transarc Corporation (www.transarc.com).


----[  Conventions

Resources on AFS listed in this document will take the form of '/afs/cell
name'.  As you will discover, certain hosts are only accessible from a gateway
immediately associated with the cell.  For example, the node net.mit.edu
can only be reached from the outside (ie. using methods other than a local
fs mount) through the web.mit.edu AFS gateway.  Where appropriate, these
access restrictions are noted. 


----[  Basics

Terminology
-----------
cell : Multiple hosts within the same domain sharing a single fs image.
 - local cell   : Describes a cell within the local domain.
 - foreign cell : All cells not within the local domain.
 - cell name    : Usually a derivation of the FQDN.
node : Generic term for any host on the network.
ACL  : Access Control List - who gets what, and how.

Technical 
---------
Access permissions of files and directories on an AFS cell are handled
independently of the underlying operating system permissions.  Traditional
Unix fs permission bits are divided into read, write, and execute.  The AFS
ACL groupings build on this concept and add extensions suitable for
distributed file-sharing.  

Below is a basic introduction to concepts and commands used to manage AFS; by
no means a complete treatment of the subject.  See tutorials at
http://www.alw.nih.gov/Docs/AFS/AFS_toc.html and
http://www.slac.stanford.edu/comp/unix/afs/users-guide/afs-frames.htm for
more information. 

ACL bits
--------
r : read        : view directory and file contents
l : lookup      : searching of a directory for filenames (recursive find)
i : insert      : create a new directory or file
d : delete      : remove a file or subdirectory
w : write       : modification of file contents
k : lock        : owner's processes allowed to flock() in this dir
a : administer  : user permitted to modify ACL for this resource

Commands for ACL listing and modification 
-----------------------------------------
fs: listacl <filename> (alias: la) : list access control list
setacl <directory> <username> <permissions> (alias: sa)
.... set access control list

ex. setacl secret.doc jsbach lidrw

pts:
Invoked as 'pts option' on the command-line.  Manages protection
groups, which permit a smaller group of users to access resources
owned by another user.
 options:
  adduser -user user1 user2... -group <owner>:<group name>
  	.... adds user(s) to an existing protection group
  removeuser -user user1 user2... -group <owner>:<group name>
  	.... removes user(s) from a protection group 
  creategroup <owner>:<group name>
  	.... create a protection group
  examine <path>
  	....  volume name of specified resource at <path>
  membership -name <user>  (alternatively <group name>:<owner>)
  	.... list protection group membership for user
		
Protocol information
--------------------
	AFS is implemented over wide-area TCP/IP networks, optionally 
authenticating users with a modified Kerberos implementation.  Client nodes 
utilize a cache manager, which stores frequently-accessed data on a local 
disk for faster retrieval.  

	Taken from an unknown cell's /etc/service, the ports and 
protocols that make AFS work its magic: 

afs3-fileserver 7000/udp       # file server itself
afs3-callback   7001/udp       # callbacks to cache managers
afs3-prserver   7002/udp       # users & groups database
afs3-vlserver   7003/udp       # volume location database
afs3-kaserver   7004/udp       # AFS/Kerberos authentication service
afs3-volser     7005/udp       # volume management server
afs3-errors     7006/udp       # error interpretation service
afs3-bos        7007/udp       # basic overseer process
afs3-update     7008/udp       # server-to-server updater
afs3-rmtsys     7009/udp       # remote cache manager service

Gateways
========
	Legitimate access to AFS is quite easy to obtain.  Any alumnus of 
an institution where AFS is widely deployed (MIT, CMU, Stanford, etc.) 
usually has an account on a connected node.  Additionally, it is not 
uncommon for admins to grant research accounts on university systems 
to friends outside.  
	For those without friends and we, the unwashed masses, there are 
gateways which allow access to AFS through other services.  In the early 
1990's, these were commonly found on institution FTP and Gopher sites.  
Today, most gateways provide proxied access to AFS through the web.  
Transarc provides the WebSecure product which is the most commonly used
gateway software.
	AFS->web gateway discovery is a matter of blind luck, although
with the assistance of a search engine, it is possible to select possible
candidates. 

Two commonly-used gateways are: 
	web.mit.edu 
	www.transarc.com

The MIT gateway is more controlled than the Transarc's.  
Of the 74 active cells discovered, MIT permits only 12:
	andrew.cmu.edu 			athena.mit.edu
	cmu.edu 			cs.cmu.edu
	ece.cmu.edu 			iastate.edu
	ir.stanford.edu 		net.mit.edu
	northstar.dartmouth.edu 	sipb.mit.edu
	transarc.com 			umich.edu

Some cells local to mit.edu are accessible through the gateway with aliases, 
namely: athena, dev, net, and sipb.  These aliases and restricted-access
nodes are not enumerated. 

Directory
=========
	This listing comes from an audit of active nodes accessible 
through the transarc.com AFS->web gateway.  From a dataset of 511 entries, 
74 were found to be active.  The unofficial AFS FAQ (section 1.07)
(/afs/transarc.com/public/afs-contrib/doc/faq/afs-faq.html)
assisted with identification of certain cells. 
	Data were collected from a recent CellservDB 
(/afs/transarc.com/service/etc/CellServDB.export) and the output of 
'ls /afs' on an AFS node.  A simple script linking lynx, grep, 
sort and awk produced the below listing.  All listed nodes were verified 
to be accessible from an external network on 07.22.1999.  

## Corporate (COM)
|
# Transarc Corporation
	transarc.com	

## Education (EDU)
|
# Arizona State University
	asu.edu		
# Boston University
	bu.edu			
# Carnegie-Mellon University
	cmu.edu			
	andrew.cmu.edu
	ce.cmu.edu		
	! cs.cmu.edu		# Top-level directory not browsable	
	ece.cmu.edu	
	me.cmu.edu
# Cornell University 
	graphics.cornell.edu	
	msc.cornell.edu
	theory.cornell.edu
# Dartmouth College
	northstar.dartmouth.edu
# Indiana State University
	iastate.edu
# Indiana University
	ovpit.indiana.edu
# Massachusetts Institute of Technology
	athena.mit.edu
	sipb.mit.edu
# North Carolina Agricultural and Technical State University
	ncat.edu
# North Carolina State University
	eos.ncsu.edu
	unity.ncsu.edu
# Notre Dame
	nd.edu
# Pennsylvania State University
	psu.edu
# Pittsburgh Supercomputing Center
	psc.edu
# Rose-Hulman Institute of Technology
	rose-hulman.edu
# Stanford University
	ir.stanford.edu
	slac.stanford.edu
# University of California at Davis
	ece.ucdavis.edu
# University of Chicago
	spc.uchicago.edu
# University of Illinois at Chicago (NCSA)
	ncsa.uiuc.edu
# University of Maryland at Baltimore
	umbc.edu
# University of Maryland
	wam.umd.edu
# University of Michigan
	umich.edu
	citi.umich.edu
	engin.umich.edu
	lsa.umich.edu
	math.lsa.umich.edu
	dmsv.med.umich.edu
	sph.umich.edu
# University of Pittsburgh
	pitt.edu
# University of Utah
	utah.edu
	cs.utah.edu
# University of Washington
	cs.washington.edu
# University of Wisconsin
	cs.wisc.edu

## Government (GOV)
|
# Argonne National Labs
	anl.gov
# Fermi National Accelerator Lab
	fnal.gov
# National Energy Research Supercomputer Center
	nersc.gov
# National Institutes of Health
	alw.nih.gov
# Princeton Plasma Physics Laboratory
	pppl.gov

## Military  (MIL)
|
# Naval Research Laboratory
	cmf.nrl.navy.mil

## Network
|
# Energy Sciences Network
	es.net

## Organization (ORG)
|
# Esprit Research Network of Excellence (European Communities)
	research.ec.org
# Open Software Foundation
	ri.osf.org

## Europe and Asia
|
# European Laboratory for Particle Physics, Geneva
cern.ch
#Deutsches Elektronen-Synchrotron
	desy.de
#Univ. of Cologne Inst. for Geophysics & Meteorology
	geo.uni-koeln.de
# DESY-IfH Zeuthen
	ifh.de
# Leibniz-Rechenzentrum Muenchen
	lrz-muenchen.de
# Max-Planck-Institut fuer Astrophysik
	mpa-garching.mpg.de
# TH-Darmstadt
	hrzone.th-darmstadt.de
# Technische Universitaet Chemnitz-Zwickau
	tu-chemnitz.de
# Albert-Ludwigs-Universitat Freiburg
	uni-freiburg.de
# University of Hohenheim
	uni-hohenheim.de
# Rechenzentrum University of Kaiserslautern
	rhrk.uni-kl.de
# University of Cologne
	rrz.uni-koeln.de
# University of Stuttgart
	ihf.uni-stuttgart.de
	mathematik-cip.uni-stuttgart.de
	mathematik.uni-stuttgart.de
	rus.uni-stuttgart.de
# IN2P3 production cell
	in2p3.fr
# CASPUR Inter-University Computing Consortium
	caspur.it
# INFN Sezione di Pisa 
	pi.infn.it
# Real World Computer Partnership
	rwcp.or.jp
# Chalmers University of Technology - General users
        others.chalmers.se
# Royal Institute of Technology, NADA
	nada.kth.se

Interesting areas
=================
	Half of the challenge in network exploration is the act of 
finding fun items to look at.  The list below is by no means complete, 
and barely touches the surface of what the author and others have 
collected over the years.  Enjoy, and good luck hunting. 

/afs/andrew.cmu.edu/local/src/os/ 
	.... Left over from a time when Irix source resided there.
/afs/ncat.edu/common/
	.... Root directory of an Ultrix installation
/afs/ir.stanford.edu/users/c/l/clinton 
	.... Not the daughter of the U.S. President, but a reasonable 
 	     facsimile thereof which causes much excitement among readers. 
/afs/rose-hulman.edu/users/manager/agnello/compromised/
	.... AFS follows the 'user-managed' philosophy of resource
             management, leaving it up to individual users to secure the
	     permissions on their own files.  This unfortunate admin 
	     forgot to set the permissions on data collected during a 
	     recent (08.08.1999) security compromise.  The world, 
	     including the intruder, can now browse his work and see
	     what they have found.
/afs/umbc.edu/public/cores/
	.... Corefiles from fileserver crashes at the University of 
	     Maryland.  No further comment.
/afs/net.mit.edu/reference/multics/
	.... Once in a blue moon, you come along a gem like this one. 
	     Source code, project notes, and electronic messages from
	     the Multics project.  ./udd/multics/Rochlis contains the
	     mail, messages, and notes in case you can't find it. 

Greetings
=========
	Shouts and thanks go out to route and the r00t crew, ParMaster, 
cstone, aleph1, and the Slackworks crew.

-- nicnoc
[ News ] [ Paper Feed ] [ Issues ] [ Authors ] [ Archives ] [ Contact ]
© Copyleft 1985-2021, Phrack Magazine.