18 September 2007 | 4,622 views

Im In Your Leenucks Box Changing Your Password

Check For Vulnerabilities with Acunetix

More hacker humour – this is a good one!

So I’ve been a professor at this ‘little school’ for a while now. I love my job. My classes contain students from all age groups. I have a few 17 year old high schoolers that are here because they are bored during the summer. I have a few seasoned folks that have IT experience. I also have a few people that are clearly here just for the three credit hours.

The classroom is set up in a ‘lab’ environment. Each student has a PC in front of them that netboots linux from a central box located near my desk at the front of the classroom. This setup works great because the students come into the classroom every day, power on their PC, and they get the exact OS load and lesson they need for our session. Not to gloat, but I designed it this way and I’m the envy of a few other professors *cough* windows instructors *cough*.

I have this one student that I’ll call “Pima”. Yes, that’s an acronym.

Pima is one of the 17 year olds in the class and considers himself an uber-hax0r. He constantly interrupts me during my lessons trying to make valid points that are somewhere between “WTF?” and “OMG YOU ARE NOT USING TEH DEBIAN!”. For those of you that listen to the podcasts and remember my story about training some folks over in another country and some dude put my kevlar vest over top his… well let’s say if we were in combat and this kid dropped his kevlar I think I’d dig a hole and bury it so he couldn’t find it.

This kid has the attention span of me at a Hooters restaurant. He’s always doing “something” on his PC during class. Most of the time he’s constructing poorly written bash scripts and trying to download stuff from an internet connection that really doesn’t exist. I didn’t say he was bright did I? Right.

One day recently we had a special saturday class that was very lab intensive. Right before the lunch break I informed everyone that I’d be going around to each PC and “breaking” something that they’d have to fix when they got back. Usually I do something silly like screw with their /etc/resolv.conf file, comment out some things in a service’s configuration file, or some other type of fun.

During the lunch hour I wander around and start breaking stuff. I get to Pima’s machine and I can’t login to the machine as root. My little uber-hax0r had changed the root password.

[Note from Scrap: All students have the root password to their workstations as part of their lesson]

Let’s keep in mind that this kid is NOT the ripest banana in the bunch by a long shot. Let’s think about this, shall we?

1) The PC neboots to an image. Changing the root password is effective for the current ’session’ only. I reboot the machine, I get a fresh load. Kapisch?

2) SSH is running on all of these boxes. Did I mention that I authenticate using a certificate to all of these machines? I don’t NEED the password.

3) In /etc/passwd, there’s this really cool user called (and I kid you not) “backdoor”. Backdoor is authorized for ’su’.

Curiosity was killing me. I tried to login as “backdoor” and sure enough it worked and I could issue commands as root. Duh.

I wandered back to my instructor workstation and ssh’d to his box as root with no problems.

I had a decision to make. Do I just reboot the machine and carry on? Or do I teach this kid a lesson?

Oh yeah, he’s getting a lesson.

I whipped out my microphone from my laptop bag and plugged it into my workstation. I recorded a few choice sound files and scp’d them to his workstation in a directory I made called “/tmp/…/lmao”.

I then made sure that ’sox’ was installed on the workstation. It was. I ran back over to Pima’s workstation and made sure that the speaker volume was turned to 75% on his speakers. Just to be a jerk I used my trusty pocketknife to pry the volume knob off of the speakers. There will be no adjusting these bad boys!

The clock said that I had half an hour left before the students returned, so I quickly returned to breaking the rest of the students’ workstations.

A half hour later it was show time.

The students filed back into the classroom. Pima was five minutes late as usual.

I instructed the class not to touch their keyboards until I gave them their instructions.

After I prattled on for five minutes with the assignment I sat back down at my workstation and acted like I was busy. I noticed that Pima had a big grin on his face after he logged into his machine with his root password. The grin said “haha you didn’t break MY stuff!”.

I brought up the xterm that was ssh’d into Pima’s workstation and issued the following commands:

$ cd /tmp/…/lmao
$ play haha1.wav

At that moment a loud booming voice commanded its way from Pima’s speakers:

YOU SHOULDNT HAVE CHANGED MY ROOT PASSWORD BOY!

There was dead silence in the room. Pima jumped back about half a foot from his PC.

Laughter ensued.

I glanced up from my screen and glared at Pima.

“Is there a problem? You should be working on your assignment and not goofing around.”

Pima squeaked out a “It wasn’t MEEEEE!”

I glanced back down at my screen and waited another few minutes.

I then issued this:
$ play haha2.wav

The class was treated to a very high-pitched chimpmunk version of “MY HUMPS! MY HUMPS! MY ITTY BITTY HUMPS!”

At this point the class was dying in laughter.

I continued with my straight man act.

“Pima, if you interrupt this class one more time I’m walking you out. Have some respect.”

He sat there and didn’t say A WORD.

A few more minutes go by and Pima is typing like a mad man on his keyboard trying to figure out what the heck is going on.

It was now time for “Le Finale Grande”.

$ play haha3.wav

Pima’s speakers blared the following in my own God-like voice:

“ATTENTION CLASS. THIS IS WHAT HAPPENS WHEN YOU DONT PAY ATTENTION TO THE INSTRUCTOR, CHANGE YOUR ROOT PASSWORD AND COMPLETELY DISREGARD YOUR ASSIGNED WORK. THAT IS ALL.”

At that moment Pima figured it out and was treated to his classmates (and me) laughing hysterically at him. He stood up, put his arms up in the air and proclaimed “YOU GOT ME. YOU GOT ME. OKAY.”

Pima has been a perfect gentleman since.

He even shows up to class five minutes early every day.

From: IT Tool Box



Recent in General News:
- Google’s Chrome Apps – Are They Worth The Risk?
- Twitter Breach Leaks 250,000 User E-mails & Passwords
- More Cyberterrorism – Taiwan Political Party Accuses China of Hacking

Related Posts:
- Password Hasher Firefox Extension
- Twitter Major Password Reset After Phishing Attack
- Freeware MAC Address Changer – Technitium v3.1

Most Read in General News:
- Hacking Still Can’t Outdo Stupidity for Data Leaks - 125,081 views
- eEye Launches 0-Day Exploit Tracker - 85,072 views
- One Of The World’s Most Prolific Music Piracy Groups Busted - 43,465 views

Advertise on Darknet

3 Responses to “Im In Your Leenucks Box Changing Your Password”

  1. Sir Henry 14 December 2007 at 7:46 pm Permalink

    I love this story. I still laugh out loud every time I read it. Sounds like something that Goodpeople would have fun doing.

  2. Etagy 4 March 2008 at 9:10 am Permalink

    Hehe, very amusing story *giggle*

    More hacker humour, please!

    Etagy

  3. Andy90 4 March 2008 at 10:58 pm Permalink

    Great story :)
    Tried something similar when I was back at school (though not nearly as complicated (trust me, was simple)) and got suspended form IT for two weeks haha