Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
-
Hi client,
I am not able to login to your prod server. Can you please verify the following:
Host: x.y.x.y
Port: 1234
Username: ABCD
Password: password1234
Thanks,
My idiotic coworker8 -
"I'm just trying to replicate {ticket-1234} so I can write a quick hotfix."
- "Oh, it doesn't work on dev."
- "So... I have to test on stage?"
- "It doesn't work on stage either."
- "Uh, on prod?"
*office laughs*
We're doing it live folks.2 -
Navy story continued.
And continuing from the arp poisoning and boredom, I started scanning the network...
So I found plenty of WinXP computers, even some Win2k servers (I shit you not, the year was 201X) I decided to play around with merasploit a bit. I mean, this had to be a secure net, right?
Like hell it was.
Among the select douchebags I arp poisoned was a senior officer that had a VERY high idea for himself, and also believed he was tech-savvy. Now that, is a combination that is the red cloth for assholes like me. But I had to be more careful, as news of the network outage leaked, and rumours of "that guy" went amok, but because the whole sysadmin thing was on the shoulders of one guy, none could track it to me in explicit way. Not that i cared, actually, when I am pissed I act with all the subtleness of an atom bomb on steroids.
So, after some scanning and arp poisoning (changing the source MAC address this time) I said...
"Let's try this common exploit, it supposedly shouldn't work, there have been notifications about it, I've read them." Oh boy, was I in for a treat. 12 meterpreter sessions. FUCKING 12. The academy's online printer had no authentication, so I took the liberty of printing a few pages of ASCII jolly rogers (cute stuff, I know, but I was still in ITSec puberty) and decided to fuck around with the other PCs. One thing I found out is that some professors' PCs had the extreme password of 1234. Serious security, that was. Had I known earlier, I could have skipped a TON of pointless memorising...
Anyway, I was running amok the entire network, the sysad never had a chance on that, and he seemed preoccupied with EVERYTHING ELSE besides monitoring the net, like fixing (replacing) the keyboard for the commander's secretary, so...
BTW, most PCs had antivirus, but SO out of date that I didn't even need to encode the payload or do any other trick. An LDAP server was open, and the hashed admin password was the name of his wife. Go figure.
I looked at a WinXP laptop with a weird name, and fired my trusty ms08_067 on it. Passowrd: "aaw". I seriously thought that Ophcrack was broken, but I confirmed it. WTF? I started looking into the files... nothing too suspicious... wait a min, this guy is supposed to work, why his browser is showing porn?
Looking at the ""Deleted"" files (hah!) I fount a TON of documents with "SECRET" in them. Curious...
Decided to download everything, like the asshole I am, and restart his PC, AND to leave him with another desktop wallpaper and a text message. Thinking that he took the hint, I told the sysadmin about the vulnerable PCs and went to class...
In the middle of the class (I think it was anti-air warfare or anti-submarine warfare) the sysad burst through the door shouting "Stop it, that's the second-in-command's PC!".
Stunned silence. Even the professor (who was an officer). God, that was awkward. So, to make things MORE awkward (like the asshole I am) I burned every document to a DVD and the next day I took the sysad and went to the second-in-command of the academy.
Surprisingly he took the whole thing in quite the easygoing fashion. I half-expected court martial or at least a good yelling, but no. Anyway, after our conversation I cornered the sysad and barraged him with some tons of security holes, needed upgrades and settings etc. I still don't know if he managed to patch everything (I left him a detailed report) because, as I've written before, budget constraints in the military are the stuff of nightmares. Still, after that, oddly, most people wouldn't even talk to me.
God, that was a nice period of my life, not having to pretend to be interested about sports and TV shows. It would be almost like a story from highschool (if our highschool had such things as a network back then - yes, I am old).
Your stories?8 -
Story time! This happened several years ago, back when I didn't have a computer and I was just using the computers at the university. They had 8 iMacs all in a row, and I would sign into one and do my work.
Now these computers have Deep Freeze on them, which is a fancy hard disk driver that treats the entire drive as copy-on-write, so when anything writes to the drive it makes a copy of the block and writes to that instead. That way all your changes are gone when you reboot. It's a real nifty idea, but it's annoying that you have to reset all your settings the way you like them.
So as part of my setup routine I signed into iCloud. This automatically synced my browser history and my email, and various other things I didn't really care about.
One of those things I didn't care about was Find My Mac. I found this out next time I signed into iCloud and saw the university computer on the list. I had never seen these computers on the list before since normally the computer reboots and forgets everything when you log out. What I think happened is the sysadmin forgot to check the "reboot on logout" option in Deep Freeze. So I was like "I wonder what would happen if I passcode locked the computer?" I clicked the passcode lock option and entered 5555, and it seemed to work.
The next day I come in and the particular computer I locked was gone. I thought "oh God what have I done". So I inquired with the sysadmin (who I really hope is not reading this) and he said "oh, someone got into the Find my Mac thing and locked it down. We were trying different codes, since if we couldn't unlock it we'd have to send it to Apple and provide proof of purchase and that could take weeks. We had tried all the obvious ones like 1234 and that wasn't working so I was about to give up, but then I tried 5555 and it rebooted! So yeah, it'll be back soon, and I decided to try installing OS X 10.11 on it because we'll all need to upgrade sooner or later eventually and it's best to have tested a bit first."
So in the end I somehow made it out with my skin still on, and also with El Capitan on one of the computers, which was the only one I used after that. Not so bad! Oh and if you've manged to read all the way through you deserve a cookie 🍪😄1 -
So recently I did a lot of research into the internals of Computers and CPUs.
And i'd like to share a result of mine.
First of all, take some time to look at the code down below. You see two assembler codes and two command lines.
The Assembler code is designed to test how the instructions "enter" and "leave" compare to manually doing what they are shortened to.
Enter and leave create a new Stackframe: this means, that they create a new temporary stack. The stack is where local variables are put to by the compiler. On the right side, you can see how I create my own stack by using
push rbp
mov rbp, rsp
sub rsp, 0
(I won't get into details behind why that works).
Okay. Why is this even relevant?
Well: there is the assumption that enter and leave are very slow. This is due to raw numbers:
In some paper I saw ( I couldn't find the link, i'm sorry), enter was said to use up 12 CPU cycles, while the manual stacking would require 3 (push + mov + sub => 1 + 1 + 1).
When I compile an empty function, I get pretty much what you'd expect just from the raw numbers of CPU cycles.
HOWEVER, then I add the dummy code in the middle:
mov eax, 123
add eax, 123543
mov ebx, 234
div ebx
and magically - both sides have the same result.
Why????
For one thing, there is CPU prefetching. This is the CPU loading in ram before its done executing the current instruction (this is how anti-debugger code works, btw. Might make another rant on that). Then there is the fact that the CPU usually starts work on the next instruction while the current instruction is processing IFF the register currently involved isnt involved in the next instruction (that would cause a lot of synchronisation problems). Now notice, that the CPU can't do any of that when manually entering and leaving. It can only start doing the mov eax, 1234 while performing the sub rsp, 0.
----------------
NOW: notice that the code on the right didn't take any precautions like making sure that the stack is big enough. If you sub too much stack at once, the stack will be exhausted, thats what we call a stack overflow. enter implements checks for that, and emits an interrupt if there is a SO (take this with a grain of salt, I couldn't find a resource backing this up). There are another type of checks I don't fully get (stack level checks) so I'd rather not make a fool of myself by writing about them.
Because of all those reasons I think that compilers should start using enter and leave again.
========
This post showed very well that bare numbers can often mislead.
21 -
Date of doom... they forgot the double quotes...
(btw. $dateString is in the form "1234-10-11")
The fun part is that this comparison fails because $dateString is not numeric (due to "-") thus won't be (non-strictly) equal to 0 (int).
Damn fuucking amateurs... all hacks no skill.
10 -
TLDR; Default admin login on WEP encrypted WLAN router for getting free stuff at my hair stylist studio.
Free WLAN in my hair stylist studio: They had their WEP key laying around in the waiting area. Well, I am not very happy with WEP, thought that they never heard of security. Found the default GW address, typed it into my browser and pressed Enter, logged in with admin/1234 and voila, I was root on their ADSL router 😌 Even more annoyed now from such stupidity I decided to tell the manager. All I told him was: You use a default login on your router, you give the WiFi password for free, WEP is very very insecure and can be hacked in seconds, and do you know what criminals will do with your internet access? He really was shocked about that last question, blank horror, got very pale in just one sec. I felt a little bit sorry for my harsh statement, but I think he got the point 😉 Next problem was: he had no clue how to do a proper configuration (he even didn't knew the used ISP username or such things). Telled me that 'his brother' has installed it, and that he will call him as soon as possible. Told him about everything he should reconfigure now, and saw him writing down the stuff on a little post-it.
Well, he then asked me what he can pay me? Told him that I don't want anything, because I would be happy when he changes the security settings and that is pay enough. He still insisted for giving me something, so I agreed on one of a very good and expensive hairwax. Didn't used it once 😁
Some weeks later when I was coming back for another hair cut: Free WLAN, logged in with admin/1234, got access and repeated all I did the last time once more 😎
HOW CAN YOU NOT LEARN FROM FAILS??2 -
Why would anybody do this?
Especially the last point
aaaaaab is already a lot more secure then 1234 but who cares, right?
8 -
When coworkers built the shop to allow adding items to cart via url query parameters-_-
/shop/?itemNum=1234&Qty=4
..what?4 -
***ILLEGAL***
so its IPL(cricket) season in india, there is a OTT service called hotstar (its like netflix of india), the cricket streams exclusively on hotstar..
so a quick google search reveals literally thousands of emails & passwords, found a pastebin containing 500 emails&passwords ...but those are leaked last year most of passwords are changed & many of them enabled 2FA.. after looking through them we can find some passwords are similar to their emails , some contains birth year like 1975,1997 etc, some passwords end with 123 ..so after trying a few different versions of the passwords like
1) password123 -> password@123, password1234
2) passwordyear -> password@year
2) for passwords similar to emails, we can add 123 ,1234, @ etc
created a quick python script for sending login requests
so after like 30-40 mins of work, i have 7 working accounts
*for those who have basic idea of security practices you can skip this part
lessons learnt
1) enable 2FA
2) use strong passwords, if you change your password , new password should be very different from the old one
there are several thousands of leaked plaintext passwords for services like netflix,spotify, hulu etc, are easily available using simple google search,
after looking through & analysing thousands of them you can find many common passwords , common patterns
they may not be as obvious as password ,password123 but they are easily guessable.
mainly this is because these type of entertainment services are used by the average joe, they dont care about strong passwords, 2FA etc6 -
I accidentally forgot to stop my EC2 instance.....
No joke, I have had to use all of my money that I made through freelancing(20 bucks)10 -
I think the fact that even Apple can't unlock your phone if you forget your passcode proves that they use very naive encryption method.
Suppose my data is "Hey This is Some Data" and Passcode is 1234, I could just Jumble this data using that passcode and It will be difficult to decrypt without Passcode. And If data is huge, it will be fairly impossible to do so. But that doesn't make it a good encryption method.
Such encryption, though safe is not practical, Imagine if there was no "Forget Password" Option on any account, I usually forgot my password very often when I was a child.
Apple has been doing such things for years, Using Bad things as a selling point. Apple users are dumb anyways because they don't want to control their phone.
Reset Password is a weak point which might be exploited but in such cases, usability is more important than security. Any service which doesn't allow resetting Password is a shitty service and I would never use such a service, They are too naive.689 -
Feeling sleepy now.
Gracious, would you be so kind to take a screenshot of my 1234 passing and post it here?
That'd be huge! Thanks4 -
Until about two weeks ago I thought serverless functions looked like this:
api.example.com/Cart.addToCart('product-1234', 1)
Turns out they're just normal API endpoints1 -
DevRant isnt the right place to use a easy password... Which is why i changed it from 1234 to 123456...13
-
So i'm trying to upload a file to an SSH server using node. First I try the obvious putFile method provided by the obvious node-ssh package. On any other server this would work fine but this server doesn't have sftp installed so that doesn't work.
OK, so next I learn how scp works (it runs the command "scp -t" on the remote server, and sends to stdin a command like "C0666 1234 file.txt" and then sends the contents of the file) and I write some javascript code to do this. It's pretty finicky, the first few tries I forget to close the stream right or detect the program finishing. I add some logging and that helps me figure out what the problem is, and finally I get it to not output any errors.
So I log into the server and check and the file isn't there. I try again several times, file still isn't there. I try running scp -t manually on the server, typing in exactly what my program is sending, and it works. This goes on for a while until I realize that I've been sending a file to one server and logging into a different server to check if the file was sent. grrr6 -
What getting an AWS solutions architect certification got me:
Acceptance into the 4 top high schools in the area( one of which being in the top 5 public schools in the United States)
2 internships/apprenticeships
1 opportunity at the local college for some research experience
Vasts amounts of knowledge about servers and back end technologies I have never known about
And of course, the most important one, getting all the aunties attention at parties
People like to say that certifications don’t help but they get your foot into the door, it’s up to you to do the rest of the work3 -
Brain fart.
In Java and many other languages there are basic types, like char and String. So why does Java have char and String, but not a digit type?
A number is basically a series of digits. For modular arithmetic it is very useful to be able to extract the 3 in the number 1234, it's just the 3rd digit in a number.
Base 2, base 10, base anything could be supported easily too. E.g. a base 2 digit would be:
digit d = 0b2; // or 1b2, but 2b2 would be a compilation error
A number would then be some kind of string of digits.
Any thoughts on this?9 -
Why on earth can one perform calculations on pointers in c++? I can think of a dozen ways this could go wrong, but none where this is useful.
Following example:
int t = 1234;
int tt = 5555;
int* p = &t;
int* pp = *(p + 1):
Here pp will give me 5555...5
Top Tags
Weekly Rant
View