Got root? I do.
Page 1 of 2 12 LastLast
Results 1 to 10 of 13

Thread: Got root? I do.

  1. #1
    Senior Member
    Join Date
    Jan 2002
    Posts
    883

    Got root? I do.

    I had an interesting thing happen today. I went to the campus of one of the local community colleges today. They have an area setup that has several computers that access the web for students as well you can access the states own network. It's used for jobs, unemployment, student affairs, welfare, corrections, all state services. Anyway, since I used to work for the state I just had to check out the security. What a joke. I was sitting around looking at the IT job postings around the state to try and get a jump on some outsourcing. So this one lady that works in this office logs in next to me. She's talking to someone else the whole time. So she leaves. She did'nt log out. I was like a kid in a candy store. I just scooted over and went to work. Their main network is Netware. So anyway they must have two kinds of users because this person's access gave me shell access. Oh boy.... So I sit here and pull up Extra for Netware. Then I set the ip I want after running a netstat -an from the cmd line. Set my terminal/device. (still the same as it used to be IBM-3278) good ole' port 23. So I connected. Entered the system command for what used to be the general services login directory. My old User ID and password are not any good. I figured this. So I made one up. Then I typed in the old admin reset to start new logins with. Still the same after all these years "letmein". So anyway I get my access and I'm sitting here looking at this. I laugh and think to myself, "It's a good thing I don't want to screw things up". So I passed lurking around and typed in a message to the syswide drop line. Which is a small line bellow the terminal window they have setup on the state computers to send messages between admins in real time. Then I logged out of everything. Then I left with a grin on my face......The moral to this story. A network, server, workstation or any device thats accessed by anyone is only secure as the users are in their individual security practices. So for all you Admins. Keep those users in check....
    The COOKIE TUX lives!!!!
    Windows NT crashed,I am the Blue Screen of Death.
    No one hears your screams.


  2. #2
    Senior Member
    Join Date
    Dec 2001
    Posts
    1,193
    haven't used letmein since our isp was a netware dialup. cute. good job and btw - glad you did not do mischief
    Trappedagainbyperfectlogic.

  3. #3
    Priapistic Monk KorpDeath's Avatar
    Join Date
    Dec 2001
    Posts
    2,628
    We had an interesting user problem today. You know what a smartbits is? Well do you know what smartbits does to a live network? Not good things, let me tell you. I had to pull out the destructive packet filter device and *snip* *snip*, and then one last *snip*. Turns out I snipped his palm pilot cable on accident. Oh well.
    Mankind have a great aversion to intellectual labor; but even supposing knowledge to be easily attainable, more people would be content to be ignorant than would take even a little trouble to acquire it.
    - Samuel Johnson

  4. #4
    Senior Member
    Join Date
    Dec 2001
    Posts
    1,193
    didn't you have this problem with him before in one of your security stories? fire the dude.
    Trappedagainbyperfectlogic.

  5. #5
    Senior Member
    Join Date
    Feb 2002
    Posts
    253
    HeyApocalypse:
    By any chance was the community college in question Nashville Tech?

  6. #6
    Senior Member
    Join Date
    Jan 2002
    Posts
    883
    Originally posted here by bucket
    HeyApocalypse:
    By any chance was the community college in question Nashville Tech?
    LOL...You know what I'm talking about heh. Well, it's not the right school but it's the same system (the one they're all on). The Alex database and all that good stuff. They realy need to beef up security.
    The COOKIE TUX lives!!!!
    Windows NT crashed,I am the Blue Screen of Death.
    No one hears your screams.


  7. #7
    PHP/PostgreSQL guy
    Join Date
    Dec 2001
    Posts
    1,164
    Goes to show you what happens when people just don't really know what can happen when they leave a terminal window open or some such... Back in SF, I wrote a perl program that would lock the screen, void the control/alt keys (no suspend, break, or interrupt, and no switching screens) so that when I had to go fix something or whatnot, nobody would fux0r around and even if they tried, I'd be back shortly enough to see their futile attempts and commence to breakin' some chairs!

    Security is something that people don't really want to implement. Good implementations take skilled professionals to install/configure and then it's a daily maintenance routine to make sure things are ok and nothing's amiss. That and the cost is what kills it for most places. Case in point: Marriott Vacation Club International doesn't want to encrypt their credit card transaction database end-to-end or do any other kind of encryption scheme to at least keep some people out. What's the result? A couple of employees at one of the call centers were busted for credit card theft, which isn't related to the encryption but the phone could be used for input of the card number/expiration after ID verification. This happened for a few months and I'm just waiting for someone who had their card used illegally to find someone else who had the same thing happen and then they sue the crap out of MVCI. But they've got an InfoSec guy who's been pushing to resolve these things for the past year+ but they won't do it. Guess those execs have to have their payraises and the managers have to have their bonuses eh? After all, they don't take the fall, it'd be the poor InfoSec guy... dumbasses...

    Such is life...
    We the willing, led by the unknowing, have been doing the impossible for the ungrateful. We have done so much with so little for so long that we are now qualified to do just about anything with almost nothing.

  8. #8
    Senior Member
    Join Date
    Feb 2002
    Posts
    170
    The moral to this story. A network, server, workstation or any device thats accessed by anyone is only secure as the users are in their individual security practices. So for all you Admins. Keep those users in check....
    Utterly true.
    I still have db-access on three different servers I used to work on several years ago.
    Maybe you should've passed the admins the user who just left her terminal open. Just to be evil
    Mankan

    \"The purpose of abstraction is not to be vague, but to create a new semantic level in which one can be absolutely precise.\"
    - Edsger Dijkstra

  9. #9
    Junior Member
    Join Date
    Jan 2002
    Posts
    19
    logs........honeyPOT.........sysadmin there could just be a smart arse, ..........or almost as lax as me.........

  10. #10
    Junior Member
    Join Date
    Jan 2002
    Posts
    19
    shhhh, i did'nt inhale.....

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •