Can't believe they were dumb enough to leave the root password blank
Many years ago when I was a spotty teenager, I hacked into the local university's PR1ME computers because of a similar stupidity. They had SYSTEM (i.e. root) accounts on some of them without a password. Since they didn't have a project (i.e. resources for CPU time, storage, etc.) assigned if you tried logging in as SYSTEM it would immediately log you out - the equivalent of setting the shell to /bin/false on Unix.
However, when I was exploring I found out about a command called 'arid' - add remote ID - which would enable you to visit the filesystem of another network connected PR1ME from the one you logged into, and you'd have the rights of the remote ID you'd given in 'arid' instead of your own rights. So basically I was SYSTEM on the ones that had a blank password. I was able to use that permission to run the user creation program and create myself a system level account and used the project number of one of their sysadmins who had nearly unlimited resources. That enabled me to login and have ability to do anything I wanted (which really wasn't much, I wasn't causing any damage)
Took them a while to catch me since I was dialing in and they didn't have caller ID on their PBX. I think at some point I was lazy and logged in to my created account on the same phone call I had logged in to my dad's account instead of disconnecting and redialing like I always did. Their main interest when they caught me was finding out how I did it, and I have to admit I enjoyed seeing the hand hitting forehead moment for the head guy when I told him it was because of there was no password set on some of the system accounts, and he said "but you can't login to them" and I told him about 'arid' :)
Biting the hand that feeds IT
