back to article Student requested access to research data. And waited. And waited. And then hacked to get root

Welcome once more to Who Me? The Register’s confessional column in which readers admit to being the source of SNAFUs. This week meet a reader we’ll Regomize as “Wesley”, who 25 years ago was about to embark on a thesis in mechanical engineering, continuing the work done by a more senior student who was working towards his …

  1. GlenP Silver badge

    Not Caught...

    Our OpSys project at Uni was carried out on a Unix box. With several student groups all vying to use it, plus lectures, etc. time on the system was precious. It didn't help that the operations people had blocked logins daily from 12:00-14:00, "In case we need to carry out updates or maintenance!"

    Fortunately one of the PhD students was sympathetic having been in the same position the previous year, and conveniently had the su password which he let slip. That would bypass the block and then allow us to sudo login on our own user. This happened most lunchtimes for at least a month, the ops staff never did notice so their maintenance window was hardly essential.

  2. Anonymous Coward
    Anonymous Coward

    Not caught either...

    Not busted as such, but I do remember seizing admin rights of a previous company laptop some years back. The frustration was that I was a contract IT engineer, so I had a customer laptop and an admin account that worked across their entire estate. If anything went wrong, I had the power to fix it. But for the laptop I had from my own company, no admin rights and everything heavily locked down.

    Then one day my USB docking station stopped working with my company laptop - worked fine with other laptops so I knew the dock was physically OK. Of course I couldn't re-install the drivers from Lenovo's website as I didn't have the admin rights to do so, and trying to re-install them via the SCCM bundled version my company provided kept failing. So, I logged a ticket with our in-house support and many hours later after struggling to manipulate big spreadsheets on a little laptop screen, someone connected remotely, opened an elevated command prompt and ran a couple of commands before telling me to reboot the laptop in my own time and then ending the remote session.

    At this point I noticed they'd left the elevated command prompt open, and 30 seconds later I'd used it to create a local admin account. One reboot later, the dock still didn't work and SCCM still wouldn't let me install the drivers for the dock correctly, but now I could at least use my local admin account to install the drivers direct from Lenovo's website and my docking station promptly burst back into life.

    Yes, in hindsight it was a naughty thing to do, but I guess my frustration of being an IT support engineer who didn't have the rights to fix my own company laptop kind of grated on me. Anon for obvious reasons...

    1. Anonymous Coward
      Anonymous Coward

      Re: Not caught either...

      You didn't work for Wipro by any chance? They had an awful habit of locking their machines up so tight that you couldn't even run their compliance checker without admin rights... which, of course, you didn't have. So you didn't run it. Until you got the e-mail saying that your machine wasn't compliant which meant that you had to raise a support ticket.

      And, of course, this support ticket was dealt with either during the UK night or the weekend and, as you hadn't replied (because you were - shock horror, not only not on-shift but were sleeping), - the support ticket was closed.

      And then you got another e-mail telling you that your machine was non-compliant...

      1. Anonymous Coward
        Anonymous Coward

        Re: Not caught either...

        This is years old and relates to my time at uni where Win 95 was the big OS at the time. Well I had a fellow student who despite pleading from my good self did not back her work up to two floppy disks. She decided instead to save it onto the local drive of the uni machine in the library which was very dangerous. The computers in there were often getting viruses and so were wiped every so often. The college didn’t have a network the students could access and you couldn’t save anything there.

        There were notices on every machine telling people not to save onto the C drive as well so there was no excuse. Well I found out what she was doing and told her to save her work onto a floppy right now, whilst I watched. She did so but then a few days later is trying to find me urgently. She had password protected her Word files and had saved the password on the C drive of the machine she normally used. As things go this was dumb but better to have stored it somewhere than not at all.

        She wanted to see me because that machine was locked with an out of use notice on it. She was desperate so I used a login and password for the computers that I had snaffled earlier in the year. The password was tied to the login details and once you knew one of them the rest were easy to work out. Sadly the files had been wiped from the hard drive and her password file was no more. She was beside herself and her entire course work was now unavailable which was a disaster. Well Word didn’t encrypt files back then and Wordpad easily opened them. Of course there was a mess and no formatting etc.in the files but the everything she’d saved was there. I copied each file to new word documents and she was overjoyed. She had to work on the files to get the formatting back but it saved her lots of work and myself beer money as she bought my drinks for a week.

        1. Roopee Bronze badge
          Meh

          Re: Not caught either...

          I assume you fancied her, to go to all that trouble - and while a week of free beer sounds good I bet it wasn’t quite what you were hoping for!!

    2. John Brown (no body) Silver badge

      Re: Not caught either...

      "my frustration of being an IT support engineer who didn't have the rights to fix my own company laptop kind of grated on me"

      I feel for you, being in precisely the same situation. I've even got admin credentials (legitimately so!!) for a "secure" government organisation but my own company phone and laptop is so locked down there are times I can't actually do my job properly because I can't access or update the OEM tools REQUIRED as part of the job. It's been months now and our infosec team still have not resolved the issue.

      1. The Oncoming Scorn Silver badge
        Pint

        Re: Not caught either...

        Being in the Justice department Gubberment offices in Alberta, unable to install a driver as my elevated credentials wouldnt allow me net access & this was a web install.

        Fortunately I'd installed the drivers on a less picky machine & I had the asset number to hand\or I walked into the provincial Gubberment offices across the road & managed to drag the inf & dll's across & prided myself on a job well done under trying circumstances.

        The office manager\head legal eagle was somewhat pissed as "we" held the contract & weren't outsourcing it to a local company any more & demanding she should have been told (Despite the fact I had been there before & deployed new laptops) & that I took so long in getting the hardware to work I didn't know what i was doing.

        Meanwhile I am now working at a [REDACTED] place that is (Understandably) even more restrictive with 2FA, multiple passwords, passwords updated every 30/60 days 15 characters minimum, elevated rights for USB use, secure builds taking at least 12 hours to complete.

        I can do my work without too much issues though & while I could go on, but I have this addiction about needing to eat & enjoying a icon at end of day.

      2. Electric Panda

        Re: Not caught either...

        Security is a balancing act between usability and staying safe. Far too many people think that "security" is locking everything down to the point where it's squealing in pain and nothing works - in actual fact that can compound the problem as desperate people seek unapproved workarounds.

        1. Anonymous Coward
          Anonymous Coward

          Re: Not caught either...

          That's how you identify people to promote or fire.

        2. John Brown (no body) Silver badge

          Re: Not caught either...

          I absolutely agree. But when classed a "trusted" person with multiple security clearances to work on customer equipment, it seems a bit bass ackwards that the same "trusted" person is treated as a "generic user" with such restricted access it impairs their job function. That's not security. That's laziness for rolling out a generic security policy without actually checking what staff NEED to do their jobs first.

          We've all seen comments about people switching off the ancient, "unknown" server that no one remembers what it's for to see if anyone squeals. But this sort of security policy is like firewalling off the main DB server to everyone just to see which users actually need access and not having a process in place for months to grant the needed access.

        3. Great Southern Land

          Re: Not caught either...

          Or between common sense and paranoia/distrust of staff

      3. HMcG
        Boffin

        Re: Not caught either...

        I worked regularly for a client whose IT team locked down every PC on their network with a passion close to insanity. This was probably survivable for office work, but wasn't useful at the extremely remote, barely connected, industrial control locations I was contracted at as a 3rd party specialist support engineer.

        Particularly on one occasion, where the user rights were so limited I couldn't even disable the screensaver from coming on after 5 minutes on, on banks of industrial

        control PCs monitoring critical processes that required constant supervision, or Bad Things Would Happen.

        Luckily, they provided remote support, eventually, by connecting via VNC and logging in aa admin at the standard Windows login. A quick Atl-Tab just after they typed in the user name then tabbed to the password field, and they would usually type in the full password before they noticed the cursor was in the username field, and so not obsc****.

        I don't know if they ever figured out they should setup VNC to lock out local keyboard and mouse functionality on connection, because I was certainly never going to tell them.

  3. Dinanziame Silver badge
    Angel

    Not caught either... Or they never caught up with me

    I once unintentionally created a security vulnerability in the lab website by creating a PHP webpage that allowed users to upload files into a subdirectory — for instance, upload an arbitrary PHP file that would then be executed on request, including executing bash commands. I realized the problem afterwards but didn't fix it, which came in handy later when I needed to grab a data file from my private directory once but couldn't get ssh to work for some reason; I was able to upload a PHP that would copy my file to the website and download it from there.

    1. Disgusted Of Tunbridge Wells Silver badge

      Re: Not caught either... Or they never caught up with me

      Incase you aren't aware and if that website is publicly accessible and still live, anything that handles file uploads is potentially vulnerable to this if not handled correctly and dodgy people know that and will try to exploit it.

      1. Elongated Muskrat Silver badge

        Re: Not caught either... Or they never caught up with me

        I've no idea why you've accumulated down-votes for that. I don't always agree with your posts, but you're bang on the money in this instance. Seemingly innocent functionality in web-sites such as unrestricted file uploads can cause whole classes of attack vectors, and serious headaches for the unwary.

        1. Disgusted Of Tunbridge Wells Silver badge
          Facepalm

          Re: Not caught either... Or they never caught up with me

          There are people here that downvote people they disagree with on politics.

          I once had some nutter go through pages of my comments and press downvote on all of them going back months because I'd posted something that he disagreed with.

          I don't give a toss so I'm not sure what the point was.

          1. Dabooka

            Re: Not caught either... Or they never caught up with me

            I've had that too, except mine was about hydrogen fuel cells or something.

            Resulted in pages and pages of DVs. Oh to have the time...!

            1. Anonymous Coward
              Anonymous Coward

              Re: Not caught either... Or they never caught up with me

              Oh to be able to knock up simple scripts...!

          2. The Oncoming Scorn Silver badge
            Trollface

            Re: Not caught either... Or they never caught up with me

            I think many of the regular commentards here, have their own "NOB*" downvoting them sporadically.

            I expect mine will now DV this.

            *Nutter On the Bus.

          3. Jou (Mxyzptlk) Silver badge

            Re: Not caught either... Or they never caught up with me

            You are not alone. I accumulated some hate-followers as well.

        2. Roopee Bronze badge

          Re: Not caught either... Or they never caught up with me

          I think the down votes were because it was obvious from the OP’s comment that he was already well aware - ie it was patronising.

          1. Disgusted Of Tunbridge Wells Silver badge
            Facepalm

            Re: Not caught either... Or they never caught up with me

            In that case, you and the downvoters misunderstood. Perhaps my post was worded poorly.

            My point was that if there's a way to upload a file, people will try to exploit it because they expect that it might have this specific vulnerability.

            I assumed that the original poster wasn't aware because they:

            A: wrote code with that vulnerability in the first place

            B: didn't fix it ( or report it ) when they found out because they figured that nobody would know

            The point of my post being that just because you didn't tell anybody this vulnerability exists doesn't mean they can't trivially find it.

            1. Elongated Muskrat Silver badge

              Re: Not caught either... Or they never caught up with me

              As the adage goes, security by obscurity is no security at all. You have to read literally anything written by Bruce Schneier to be aware of this.

              The corollary to this relates to why you shouldn't try to invent your own security mechanisms. Doing security properly is Hard, and just because you can come up with something you can't break yourself, doesn't mean someone else can't come along and crack it in seconds.

    2. Elongated Muskrat Silver badge

      Re: Not caught either... Or they never caught up with me

      There are good reasons that web servers should be configured to tightly control both where files can be uploaded (directory traversal attacks such as adding ../../bin/ or similar to the start of the filename are a serious attack vector) and what can be done with files in those locations (no execute permissions, and no permissions to serve them up directly, to avoid injection attacks into web pages).

      It's one thing to create a vulnerability in an internal web-site (which is still bad because they can be used by attackers from within the organisation), and quite another to let these into the wild. It's why there's a whole industry based around pen-testing.

  4. Anonymous Coward
    Anonymous Coward

    In Code We Trust

    Anyone else remember this handy dandy bootable CD image? You could wipe out any Windows NT based OS admin password, do what you needed, then restore the password. Came in handy for semi-legitimate reasons (needing an app on a work PC that was locked down) but no doubt used by others for more nefarious means.

    Unfortunately drive encryption being more or less "standard" these days has put paid to such skullduggery. But I do still have the ISO ... just in case.

    1. Anonymous Coward
      Anonymous Coward

      Re: In Code We Trust

      Yeah, we used something similar in one place before there was a sensible route to request admin rights, although it didn't reset the password back afterwards. Helped a lot for installing software we needed.

      Then confused the deskstop support guy because the Administrator password he had didn't work on my PC while I feigned ignorance as to how that could have happened...

      1. HMcG

        Re: In Code We Trust

        " the Administrator password he had didn't work on my PC "

        So you didn't offer him a shot of your handy-dandy bootable CD that would solve that problem for him?

    2. DailyLlama

      Re: In Code We Trust

      Yep, I used it when I was at a site migrating PCs from the old company domain to our one (having purchased their company) and realised after the first reboot that I'd forgotten to change the local admin account password, and therefore couldn't log on to join to the new domain...

      1. stiine Silver badge
        Facepalm

        Re: In Code We Trust

        Been there, done that....wiped and reinstalled...followed by having to explain why...fun was not had by all.

      2. Keith Langmead

        Re: In Code We Trust

        Yeah, bet that's a mistake you've not made since! :) Been there, done that, got the t-shirt. Gotten into the habit these days of logging into the machine as local admin rather than domain admin to do a disjoin, that way there's no chance of doing it without knowing what the current local admin password is.

    3. ShortLegs

      Re: In Code We Trust

      Hirens Boot CD.

      Still have v15 ‘just in case’. VERY useful for clients who had forgotten passwords

      1. The Oncoming Scorn Silver badge
        Pint

        Re: In Code We Trust

        I still keep backup ISO's of that on my NAS, just in case.

    4. Tim99 Silver badge

      Re: In Code We Trust

      SystemRescueCD: system-rescue.org?

      1. C R Mudgeon Bronze badge

        Re: In Code We Trust

        "SystemRescueCD"

        That's an excellent tool -- my go-to live CD for Linux recovery, file-system mucking about, etc.

        But it's unlikely to be the one this person used; I don't think it has a lot to offer in Windows-specific utilities

    5. Bebu Silver badge

      Re: In Code We Trust

      "Anyone else remember this handy dandy bootable CD image? "

      https://pogostick.net/~pnh/ntpasswd/

      Mostly worked its magic for me.

    6. TheMaskedMan Silver badge

      Re: In Code We Trust

      Yep, I used something like that frequently years ago, though it didn't restore the password afterwards. Great for shamefaced clients who'd forgotten their password again. I haven't needed it for years, though, so I've no idea if it still works.

      Even further back in time, on Win9x machines, I was often tasked with setting up email in Outlook Express etc when the client was moving to a new machine. It was pretty much standard that they'd have forgotten their password and I eventually got so fed up of resetting mail passwords that I wrote a little program that found the password edit, sent it a wm_gettext message and dropped it into a clear text edit do I could see it. Sadly, that little timesaver went west in XP:(

      1. swm

        Re: In Code We Trust

        When I worked for Xerox I discovered a technique that would display anyone in the corporation's password in clear text. Even the CEO etc. A big hole in security. I sent the head of security his password with the code I used. It was for lazy PARC programmers that didn't like typing in their password all the time.

        The head of Xerox security was asked if he changed his password (a long one etc.) and he said, "Why bother? Any new password would be just as vulnerable."

        A year later this hack didn't work so I guess I had some effect in tightening security.

    7. JT_3K

      Re: In Code We Trust

      I mean, I certainly wouldn't possess a fairly well played with USB-bootable Windows 10 based WinPE filled with such tools and somehow an in-baked ability to break through encryptions and permissions on local drives (assuming in their original PC). No, doesn't sound like me at all...

    8. Anonymous Coward
      Anonymous Coward

      Re: In Code We Trust

      Also handy in resurrecting machines that have tombstoned off the domain.

    9. TekGuruNull

      Re: In Code We Trust

      Ah, yes. The good old days before Microsoft ruined PC repair with BitLocker. Now when someone can't log in, they lose everything since absolutely no one backs up their BitLocker key. Another security triumph from Redmond. Hirens was nice, used it all the time. Sergei Strelec's WinPE seems to be king of the hill these days. I've used it, but usually BitLocker is enabled and owner/user = screwed.

  5. Anonymous Coward
    Anonymous Coward

    We used to hijack lab PCs running Windows NT by booting them on Windows 95 from a zip drive (remember those?)

    Once Quake was running, you could unplug the drive and move to the next one.

    1. ChrisC Silver badge

      Remember, yes. Got 3 of them (2x parallel port, 1xSCSI) in a storage crate in the shed, yes. Recently obtained a USB version off of eBay to format-shift the contents of all the PC Zip discs that were in the crate next to them, because I no longer have any PCs capable of using the original drives and I wasn't sufficiently organised to have format-shifted before those PCs got decomissioned, yes... For a bonus, the USB drive can also be configured to be visible as a drive within a WinUAE-emulated Workbench environment, which means that with the appropriate mountlist entry I can format-shift the discs I used with my Amiga as well.

    2. Johan-Kristian Wold 1

      Oh, yes. I've got a couple of those knocking about. One Scsi and one ide version. Both salvaged from old macs.

      At the time, they were considered as having oodles of space. Now - not so much

      1. Wally Dug
        Thumb Up

        Oodles of Space

        A CD-R can hold how much?!? I'll never be able to fill all that!!!

        Plus ça change, plus c'est la même chose.

        1. Michael Duke

          Re: Oodles of Space

          I still remember speccing my first 386 based PC and getting a Maxtor 245MB hard drive and all of my friends saying "You will never fill that up, 80MB is heaps"

          Those were the days.

          1. hoola Silver badge

            Re: Oodles of Space

            Back in the dawn of time for computers (this is showing my age) I was working in a well known department store when the first Amstrad PC-Compatible computers came in. For an (at the time) very large amount of money you could even have one with a 10MB hard drive. It was awesome, you would never be able to fill it...... There was a huge red LED on the front that constantly flashed t show you it was doing something. They also failed with monotonous regularity.

            Black and white monitors.

            GEM Desktop.

            DR DOS (I may be wrong on that).

            5" floppy disks!!!!!

            The upmarket ones before the addition of the hard drive even had 2 floppy drives so you could run the OS on one and store your "stuff" on the other.

            Jump forward 25 years and how things have changed.

            1. The Oncoming Scorn Silver badge
              Pint

              Re: Oodles of Space

              We had the PC1512DD & 1640HD IIRC at Modem House.

              I remember we fitted a Hard Card into the 1512DD, I had to add a cap to stop the inbuilt PSU in the monitor to stop it crapping out.

              Then again I recall being there at the launch, when someone tested the Amstrad sales guy claim that the 1512 could run any IBM compatible software - A IBM diagnostic disc killed it in seconds.

              Miss those fun days - Many icons were drunk at trade shows.

          2. vcayenne

            Re: Oodles of Space

            You young 'uns.

            For me it was the early eighties and I got gifted a whole department's worth of micro-computing! Two Apple IIe machines and an Apple II+ along with a Corvus network(!) with a 5MB drive and a 300 baud modem. Truly my cup had runneth over! I was a mainframe programmer at the time so this (supposedly) was akin to a tractor mechanic being given a toy train set.

      2. aerogems Silver badge

        Well la te da Mr. Richman! I had the parallel port version! Seemed like a great idea at the time, but it was basically the razor blades business model. The drive was relatively cheap, like the handles for razors, but the disks (or actual razor blades) were another story. Then of course CD-R came along, and RW not long after that, completely eating the Zip drive's lunch.

        1. Terry 6 Silver badge

          And those LS-30 or some such imaginatively named "Super Floppies" that appeared just before the CD revolution. Drives weren't especially cheap, but were tolerably priced. The actual discs were a fortune.No one ever seemed to buy more than one or two- and the system was already obsolete before the CD replaced them. Not the first or last time that tech companies got so greedy they killed the goose.

          1. The Oncoming Scorn Silver badge
            Pint

            LS-120

            We had those in PC's & laptops we sold/supplied to the Royal Marines

            They were a bit fussy, but would take 1.44Mb & High capacity disc usually, then we had the one that one officer decided to disembowel with a knife because of a stuck disc he was trying unsuccessfully to remove (The paperclip eject hole was in the middle of the eject button).

    3. aerogems Silver badge

      I did something similar in my grade school days. Back when you could hold down Shift during boot to enter a kind of proto-safe mode. A couple lab computers in the school library were still using Win 3.1, so one day I got bored in a study hall period, rebooted the system, loaded up QBasic, and started playing Gorilla. When the librarian, who seemed to hate her job as much as she hated kids, discovered what I was doing, I just got up and went to find a seat somewhere else. Since she made a point about specializing in Macs, she had to follow a set of instructions literally laminated and taped to the table next to the computer, only she was confused for a bit because I left the system running QBasic and that wasn't covered in her set of instructions. I was rather amused watching her spend a minute or two staring at the system trying to figure out what to do before it dawned on her she could just hit the reset button (remember those?).

      1. Sudosu Bronze badge

        You could hack Gorilla and change the explosion size to it would nuke the entire screen...though rendering it would take a while on 386 machines.

  6. Binraider Silver badge

    An ancient NT4 workstation was still dotted around our office a few years ago. It was off network, but kept around because it had some useful applications on it.

    Nobody could remember the passwords on it, however, being the IT bod; script kiddie tools for replacing NT4 passwords have been around for ages (thanks, SysInternals).

    Obviously, using one of these keeps the "old" usernames intact. The boss was somewhat taken aback when I logged into this terminal using his user ID and my (replacement) password.

  7. Terry 6 Silver badge

    Hmmm

    When working with kids in a number of schools I needed to use their computers (not the network so much, luckily). And almost all of them would give me a log-in, like their own staff would have.

    All, in fact,but one. I apparently couldn't be trusted after 30 years of being a centrally employed specialist teacher.*

    But I had a disc (later a USB). With a suite of useful programmes on.. And was able to boot, access and use the machines as standalones to work with the kids as required. I can still see in my minds eye one rather annoyed and stupid deputy head who saw me using a computer with a kid and couldn't work out how.

    *It was, in fact, just a case of one school's senior leadership being very obstructive and negative about centrally employed specialists that they couldn't control. Luckily a rare occurrence that I only met two or three times in 30+ years.

  8. trevorde Silver badge

    Simulated interruption

    When I was studying mechanical engineering in the mid 80s, one of our fellow students used to monopolise a whole row of computers in our Mac lab running his 'simulations'. He used to leave big notices on all the computers about not turning them off as it was required for his thesis. Turned out it was calculating Mandelbrot sets and wasn't required for his thesis at all. Once we knew this, we just threw the notice in the bin, rebooted the computer and did our own work. He had effectively reserved computers for us, so we never had to wait for a computer to come free again!

  9. Anonymous Anti-ANC South African Coward Bronze badge

    Found that using the UTILMAN.EXE hack also worked, even with Server20xx...

    Granted, it is a bit of a schlepp to get it all set up...

    1. stiine Silver badge

      I still use that one, and yes sometimes its a PITA to get it to work.

  10. lglethal Silver badge
    Go

    Living in a Dorm on Campus at Uni in the early 2000's, the cost of internet was atrocious - $2/MB!!!!.

    Queue a few bright sparks in the Dorm doing Comp Sci degrees, realising that from the Dorm we could access Campus computers free of charge, and that if you then set up a Proxy on Campus, suddenly we could all get free internet.

    This lasted almost a year before anyone at Uni noticed. There was a bit of a threat of fallout, but in the end it was all quietly swept under the carpet (as Campus IT Security should really have noticed the massive amount of data going through the Proxies, and the Dorms should have noticed the massive drop in Internet usage as well), and suddenly the internet cost was changed to a simple monthly fee for ~1GB of downloads (or something similar I forget the exact amount). The Proxies were shutdown, and all was well in the halls (and most importantly with no interruption to the weekly CounterStrike tournaments!).

    1. JT_3K

      Similar to the era they put massively bolted down network connections in to the halls of residence in the UK around the same time. They didn't count on Computer Networks students having physical access to the Cisco kit "hidden" in the loft however. Nor did they configure it well, as it was after all, "hidden" and "physically inaccessible". Moreover, when they bolted that down in 2005, they forgot that campus was, with a "Pringles can long range antenna WiFi setup", within distance of the poorly secured campus WEP (?) networks...

      1. anothercynic Silver badge

        And then eduroam came along and all this faff went away ;-)

      2. Electric Panda

        I remember a well-known student hall ISP which sold you various packages, all of which had limits on how many devices could be connected via the port in your room. It was likely just MAC-based port security with an address limit.

        You weren't allowed to use any kind of switch or hub, for obvious reasons. However some bright spark rightly figured out that you could use such a device using modded firmware (DD-WRT, Tomato etc.) and mangle the hop count to bypass the NAT detection. I personally didn't do that (couldn't be bothered and not that keen), but it worked like a champ for those who did.

    2. Antron Argaiv Silver badge
      Windows

      Why, when I were a lad...

      ...personal Teletype and acoustic coupler in my dorm room, and a job at the computer center with a never-expiring unlimited time login.

      Oh, joyful was the day when I got my rebuilt-from-scrap VT-05 working, and tripled my data transfer rate to 300 baud!

      Young people these days...

      1. vcayenne

        The most time I've ever wasted...

        ...other than being on El Reg instead of working, was when I was given a Racal (iMilgo?, -Vadic? eh, lost to the mists of time) modem that ran 28,800 at a time when I was connecting my Mac through a terribly expensive 1200 modem. I spent soooooo many long weeks trying to get that modem to work to connect to all/any the BBSs at the time. I tried connections through both legit and dodgy purveyors, determined to suss out the key to getting that thing to work. No nice universal search back then, alas. It all came to a crushing end when I eventually found out that the modem was a synchronous beast designed for point-to-point comm with a similar modem for corporate use and incompatible with the common kit used in less-rarefied spaces.

  11. entfe001

    This reminds me of my university years about 20 years ago: computer lab at science faculty (note: not computer science) where all Windows XP boxes had heavily locked configurations. Not even switching mouse buttons was permitted, which was a real PITA for a left-handed like me who never had this restriction before. Complaints where elevated all the way up to the faculty dean to no avail, only to be repeatedly told that my request wasn't acceptable due to "security reasons".

    Once decided to try the "Linux" alternate boot option, which was labelled with a "do not use unless you know what you're doing" but otherwise unlocked. Never had used it before, but it had a nice desktop environment, an early KDE, and was perfectly usable once you learned where to find everything. No settings whatsoever were locked -- other than those which required root privileges, of course. So I could use again the mouse with the left hand. Yay!

    Come some months later, I put my USB pen before the boot process completed and found me inside a partition manager to manage the stick drive. Selecting "Back" allowed me to manage every other local partition. "Nice security", I thought, remembering the mouse issue. And immediately realized, as I was almost the only one using the Linux thingy, that destroying the Windows partition rendered the machine unusable for that OS until reimaged, which would happen once every two weeks at most. So for a couple of years I managed to have a workstation just for me, where I just had to ask if the "broken machine" was only Windows non-booting, which sometimes borked itself without my help, so I could use it bypassing queues and reservation schedules.

    Never got caught. The hack ceased to work when they updated the Linux image and the partition manager ceased to pop up anymore.

    Also, I am very grateful for the silly restriction. Discovered Linux back then, never came back to Windows.

    1. The Oncoming Scorn Silver badge
      Pint

      Being Slightly Weird &

      Somewhat ambidextrous (As I think i've mentioned before), I prefer to use the mouse in my left hand but have no issue with the buttons.

      1. Sudosu Bronze badge

        Re: Being Slightly Weird &

        Left hand is for work, right hand is for gaming for me, gotta even out that carpal tunnel for each hand.

        1. Scott 26
          Coat

          Re: Being Slightly Weird &

          > work

          I think you have a slight typo there

      2. Anonymous Coward
        Anonymous Coward

        Re: Being Slightly Weird &

        same here...

        The real pain is sharing with a right-hander, 'cos they insist on moving the mouse to the wrong side of the keyboard!

        (left-handed scissors... waste of time! Only problem with right-handed scissors is when they insist on moulded handles shaped to make things easier/more comfortable for the rightees)

    2. C R Mudgeon Bronze badge

      "... they updated the Linux image and the partition manager ceased to pop up anymore."

      Hmmm, I wonder why *that* happened?

      I'm guessing they realized just what was being done, even if they never figured out who was doing it.

      1. entfe001

        They did not just fix the problem (probably just deactivating something from /etc/init.d would have been enough), they upgraded the whole OS version during summer vacation. Probably it was Mandrake, because that was the first Linux I've installed myself, but memories are fuzzy. The upgrade bumped from KDE2 to KDE3, among many other things -- checking old screenshots revived some of these memories... I haven't seen KDE2 in ages!

        However, for how it was fixed, I doubt they ever realized. It's just that the new version would've deactivated the partition manager popping up at boot on new device detection by default.

    3. Antron Argaiv Silver badge
      Linux

      The year: 1994. New job, schematics were drawn with VIEWdraw on 486-33 boxen with Win 3.1/QEMM. Worked fine, until you opened more than one page at a time.

      We had ONE Unix box, in the lab, with the Unix version of VIEWdraw (which never crashed, because...Unix).

      I had been playing around with Linux and X, but not much else, because compatible apps like OpenOffice were not a thing yet. However, I did have all the X books, and the thought occurred to me that my 486-33 could be dual booted into Linux, then used as an X terminal off the Unix system, thereby allowing me to run VIEWdraw at my desk, but on the Unix box instead of the far more unstable Win 3.1. So, that's what I did. And it worked a treat. Boss was not particularly pleased, because he really didn't understand how I did what I was doing. Didn't bother me, because I got my work done.

      Ever since then, I have realised that Linux beats Windows quite handily in some ways, and overall, doesn't suck any worse than Windows. Which is why I use it exclusively whenever I can. Microsoft appears hell-bent on adding shiny bits to Windows while trying to drive us users towards an MS-managed subscription based advertising platform, with just enough functionality to be called useful.

  12. chivo243 Silver badge
    Trollface

    Hmmm? Searching where?

    Altavista or that famed warez site astalavista?

  13. sfjuocekr

    This is not hacking

    Sad, this guy had to do a search and make a script to gain root access?

    If you have physical access to a Linux machine, you can do the same in under a minute without any scripts...

    Every system admin should know this, but sadly nobody does.

    1. doublelayer Silver badge

      Re: This is not hacking

      It depends what you have and what you need access to. For example, a lab computer which can access a server, on which physical access to the terminal doesn't give you that access to the server, wouldn't work as you describe. Not to mention that if your physical exploit was going to be booting to other devices and using those to modify things on the system, that may be blocked in a few ways, from encrypted disks to a locked-down boot manager. I doubt they were doing that at the time of the anecdote, but it was possible and makes physical access trickier though not impossible to circumvent.

  14. Anonymous Coward
    Anonymous Coward

    I made my work laptop dual boot - one partition for official business, the other for personal use. The work side was so locked down I couldn't even add/remove a printer.

    All was fine until the IT audit which required me to run an app on the machine that would spit out hardware config. I had to manually edit the file to correct the drive details before submitting it.

    Way back in the dim and distant past, I managed to get the root password for a Unix server because the sysadmin's typing was so slow.

    1. The Oncoming Scorn Silver badge

      Dual Boot

      I have a couple of HP Elitebooks of different vintages, with mSata & Sata SSD's installed with two different persona's, one for client facing & one for personal.

      Though these days I keep a vanilla image for any travelling & just use Teamviewer into my desktop.

    2. Anonymous Coward
      Anonymous Coward

      I have admin rights and boot config access to corporate machines because, the day I visited their offices, one helldesk bod had post-it notes with all the passwords he needed glued to the sides of his screen. Several years later, those passwords are still working!

      Anon, because, yeah...

    3. YetAnotherLocksmith Silver badge

      My old boss some 25 years ago had figured out that he could physically pull the hdd out his laptop (very locked down) and clone it, then use the clone. So he hacked that, and simply swapped the drive depending what needed done.

      The reason? The IT support was so rubbish, and the backup regime was so rubbish, that when Access (the only tool we could use! Everything had to be in VB for Access! And that was already working around the rules to a huge degree.) crapped out, he could restore the database files from something from the last 48 hours, and do it today, rather than wait a week or more for a 2 month old version!

  15. aerogems Silver badge

    Vaguely reminds me of a previous job as a repair tech for a now defunct retailer. We were all expected to log our repairs into the POS system so they could be billed, but of course they limited access to the proper functions to only a couple of accounts. So someone literally taped a post-it on the bottom of the keyboard with the login credentials. When I left on less than amicable terms, I made sure to send a message to the upper management suggesting they go take a look under that keyboard. Not sure if anyone did, but happened to run into one of my former colleagues not too long after and it turns out very shortly after I left they shut down that special internal "store" so there's at least a decent chance someone did as I suggested.

  16. This post has been deleted by its author

  17. Tom 7

    I used to use a bit of code that crashed

    leaving me at a much higher security level than I had as a user. We used a VAX 8600 with VMS and originally we only had a couple of dozen engineers using it and then someone decided to put 120 secretaries doing word processing on it. This meant that during the day jobs that used to run in just a few minutes could now take hours. There was a program on the system that crashed almost as soon as it was run and one day I'd discovered that it left me in some kind of admin level so I could raise my job priority to near max and the job would whizz along and finish in seconds before anyone could complain or seemingly track what I was doing. I didnt do it very often - generally when I needed to finish the job before a meeting or pub o'clock on a Friday but it saved me many an hour of finger drumming.

  18. Marty McFly Silver badge
    Pint

    Proudly....

    ...one of the first three students to get Internet access way back in 1988. Shared bank of three 2400-baud dial-up modems.

    Not so proudly...one of the first two students to get Internet access revoked. Evidently running fakemail scripts and sending email to your instructors is frowned upon...

  19. Dskzz

    Always value your kobiyashi maru-ers

    The dudes and dudettes who are able to bend the rules to overcome manmade obstacles to achieve a positive end are always going to be the ones who excel the most and solve the real problems of the world.

  20. hayzoos

    Forgotten username program

    While at college, I wrote a program to help students retrieve their username. At the time, many students did not have to use the VAX computer system except to check exam results or such. Many forgot their username which seemed very cryptic. I suspected it was based on the student ID. After some reverse engineering, I proved my theory. A relatively simple mathematical manipulation and number/letter substitution with a few logical rules converted the student's ID number into their username. I loaded it onto the three PCs in the lab and posted a sign indicating it's presence by the name of username.bat Considering it may take a day or so if the service desk was queried, this was well received by the forgetful students. Not so much by the VAX admins. The program prompted the student for their ID and returned their username for the VAX. I do not know exactly why the VAX admins despised it, there were a few possible reasons. But the student ID was the student's Social Security Number. It seems many think the SSN needs to be kept secret.

  21. Anonymous Coward
    Anonymous Coward

    Back in the late 1980s in our class of Computer Systems students, one guy had a script running on the departmental VAX (8800 IIRC), which was running Ultrix (DEC's Unix pre POSIX). This task ran most of the time, trying to crack the root password. Of course he got caught and had to grovel to the sysadmins. There was talk of him being awarded an eventual Pass or Third degree (but no higher) depending on how well he grovelled and promised never to do it again; no idea if that's what happend. If you recognise the name task_15 you know who you are :)

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like