Im In Your Leenucks Box Changing Your Password

More hacker humour – this is a good one!

So I’ve been a professor at this ‘little school’ for a while now. I love my job. My classes contain students from all age groups. I have a few 17 year old high schoolers that are here because they are bored during the summer. I have a few seasoned folks that have IT experience. I also have a few people that are clearly here just for the three credit hours.

The classroom is set up in a ‘lab’ environment. Each student has a PC in front of them that netboots Linux from a central box located near my desk at the front of the classroom. This setup works great because the students come into the classroom every day, power on their PC, and they get the exact OS load and lesson they need for our session. Not to gloat, but I designed it this way and I’m the envy of a few other professors *cough* Windows instructors *cough*.

I have this one student that I’ll call “Pima”. Yes, that’s an acronym.

Pima is one of the 17 year olds in the class and considers himself an uber-hax0r. He constantly interrupts me during my lessons trying to make valid points that are somewhere between “WTF?” and “OMG YOU ARE NOT USING TEH DEBIAN!”. For those of you that listen to the podcasts and remember my story about training some folks over in another country and some dude put my kevlar vest over top his… well let’s say if we were in combat and this kid dropped his kevlar I think I’d dig a hole and bury it so he couldn’t find it.

This kid has the attention span of me at a Hooters restaurant. He’s always doing “something” on his PC during class. Most of the time he’s constructing poorly written bash scripts and trying to download stuff from an internet connection that really doesn’t exist. I didn’t say he was bright did I? Right.

One day recently we had a special Saturday class that was very lab intensive. Right before the lunch break I informed everyone that I’d be going around to each PC and “breaking” something that they’d have to fix when they got back. Usually I do something silly like screw with their /etc/resolv.conf file, comment out some things in a service’s configuration file, or some other type of fun.

During the lunch hour I wander around and start breaking stuff. I get to Pima’s machine and I can’t login to the machine as root. My little uber-hax0r had changed the root password.

[Note from Scrap: All students have the root password to their workstations as part of their lesson]

Let’s keep in mind that this kid is NOT the ripest banana in the bunch by a long shot. Let’s think about this, shall we?

1) The PC netboots to an image. Changing the root password is effective for the current ’session’ only. I reboot the machine, I get a fresh load. Kapisch?

2) SSH is running on all of these boxes. Did I mention that I authenticate using a certificate to all of these machines? I don’t NEED the password.

3) In /etc/passwd, there’s this really cool user called (and I kid you not) “backdoor”. Backdoor is authorized for ’su’.

Curiosity was killing me. I tried to login as “backdoor” and sure enough it worked and I could issue commands as root. Duh.

I wandered back to my instructor workstation and ssh’d to his box as root with no problems.

I had a decision to make. Do I just reboot the machine and carry on? Or do I teach this kid a lesson?

Oh yeah, he’s getting a lesson.

I whipped out my microphone from my laptop bag and plugged it into my workstation. I recorded a few choice sound files and scp’d them to his workstation in a directory I made called “/tmp/…/lmao”.

I then made sure that ’sox’ was installed on the workstation. It was. I ran back over to Pima’s workstation and made sure that the speaker volume was turned to 75% on his speakers. Just to be a jerk I used my trusty pocketknife to pry the volume knob off of the speakers. There will be no adjusting these bad boys!

The clock said that I had half an hour left before the students returned, so I quickly returned to breaking the rest of the students’ workstations.

A half hour later it was show time.

The students filed back into the classroom. Pima was five minutes late as usual.

I instructed the class not to touch their keyboards until I gave them their instructions.

After I prattled on for five minutes with the assignment I sat back down at my workstation and acted like I was busy. I noticed that Pima had a big grin on his face after he logged into his machine with his root password. The grin said “haha you didn’t break MY stuff!”.

I brought up the xterm that was ssh’d into Pima’s workstation and issued the following commands:

$ cd /tmp/…/lmao
$ play haha1.wav

At that moment a loud booming voice commanded its way from Pima’s speakers:

YOU SHOULDNT HAVE CHANGED MY ROOT PASSWORD BOY!

There was dead silence in the room. Pima jumped back about half a foot from his PC.

Laughter ensued.

I glanced up from my screen and glared at Pima.

“Is there a problem? You should be working on your assignment and not goofing around.”

Pima squeaked out a “It wasn’t MEEEEE!”

I glanced back down at my screen and waited another few minutes.

I then issued this:

$ play haha2.wav

The class was treated to a very high-pitched chipmunk version of “MY HUMPS! MY HUMPS! MY ITTY BITTY HUMPS!”

At this point the class was dying in laughter.

I continued with my straight man act.

“Pima, if you interrupt this class one more time I’m walking you out. Have some respect.”

He sat there and didn’t say A WORD.

A few more minutes go by and Pima is typing like a mad man on his keyboard trying to figure out what the heck is going on.

It was now time for “Le Finale Grande”.

$ play haha3.wav

Pima’s speakers blared the following in my own God-like voice:

“ATTENTION CLASS. THIS IS WHAT HAPPENS WHEN YOU DONT PAY ATTENTION TO THE INSTRUCTOR, CHANGE YOUR ROOT PASSWORD AND COMPLETELY DISREGARD YOUR ASSIGNED WORK. THAT IS ALL.”

At that moment Pima figured it out and was treated to his classmates (and me) laughing hysterically at him. He stood up, put his arms up in the air and proclaimed “YOU GOT ME. YOU GOT ME. OKAY.”

Pima has been a perfect gentleman since.

He even shows up to class five minutes early every day.

From: IT Tool Box

3 Responses to Im In Your Leenucks Box Changing Your Password

  1. Sir Henry December 14, 2007 at 7:46 pm #

    I love this story. I still laugh out loud every time I read it. Sounds like something that Goodpeople would have fun doing.

  2. Etagy March 4, 2008 at 9:10 am #

    Hehe, very amusing story *giggle*

    More hacker humour, please!

    Etagy

  3. Andy90 March 4, 2008 at 10:58 pm #

    Great story :)
    Tried something similar when I was back at school (though not nearly as complicated (trust me, was simple)) and got suspended from IT for two weeks haha