65
Jacobgc
3y

Not really dev as much but still IT related 😂

In college we got some new Macs in our class. Before we were allowed to use them the "IT Tech" came in and did something to them all (probably ran some scripts to set stuff up).

Anyway, I was completely new to OS X and accidentally pressed a key combo that opened up a dialogue to connect to a remote file server. I saw the address field was already filled out (from when the IT Tech was running the scripts). So me being me I decided to connect. Lo and behold, my student credentials got me in.

Taking a look around I found scripts, backups and all sorts of stuff. I decided to look at some of the scripts to see what they did. One of them was a script to add the Mac to the domain. Here's the funny part. The login to do that was hard coded into the script....

To conclude. I now have domain level access to my whole college network 🙃

Tl;Dr: stupid IT tech saves password in script. I find it. I now have domain level access to the college network

Comments
  • 14
    While reading this I was washing my hands. As soon as I read "hardcoded" I stopped moving them and looked into the mirror with an expression of dubiousity.
  • 18
    Just make sure you don't get caught. You might also want to anonymously report this security breach.
  • 31
    "my student credentials got me in"

    .... What could possibly go wrong...?
  • 8
    Welcome to devRant!
    As others have said, be careful not to get caught and anonymously report both security holes - your privileged student credentials and the hardcoded password.
  • 11
    I wouldn't even anonymously do it, I'd flat out tell them that YOU found a security loophole.
    But yeah, you're treading on very thin ice.
  • 16
    "TLDR" should come at the very top, otherwise there's no point...
  • 7
    I think that at some point it may sound cool to have access to some restricted areas due to an IT fuck up, but you don't need it, and it could get you in serious trouble. If you hide it now, when someone finds out (and someone will) you will burn. But if you report it as @Dairattez suggested, you're gonna be doing something good for your college's security. You may even be able to hear the storm that will fall over the IT guy who screwed it so bad. Think about it, man.
  • 1
    Holy moly that's amazing
  • 2
    Find server ips and add a cron job to reboot every friday at 3

    #evil
    #punishment
  • 3
    I would unenroll immediately
  • 1
    @Dairattez We just use it to make life a lot easier. Our course is mostly web development. So we just use it to install things here and there. But only on our user.
  • 1
    @JCAP it's a team of 5 that manage over 15 campuses. They really don't have time to read logs.
  • 3
    @jacobgc first rule of being a programmer/developer: if it can go wrong, assume that it will
  • 1
    @JCAP True. True.
  • 2
    You should probably send them a message via blankstamp.io
  • 0
    @faheel I tried to click that at least 3 times... I think I need sleep