Do all the things like ++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatarSign Up
Get a devDuck
Rubber duck debugging has never been so cute! Get your favorite coding language devDuckBuy Now
Search - "navy story"
Hello everyone, found this place recently, decided to bore you with one (or many) Navy story... tech Navy story. I'll start from the end.
Little backstory: I've deployed a simple domain setup on the ship I served, nothing fancy, a server, a switch, 10 computers, all Windows (details on that at another rant). I enter the ship Monday morning, and the XO tells me that he can't access his online folders.
OK, I say, I'll get to it. I fire up my laptop, try to RDP to the server (I know, I know, burn me at the stake later) no connection. WTF? Is the service down? I try pinging. No luck. I tried pinging the switch. OK. Looking at the switch admin panel, I see the server's port is dead. "OK, probably the cable." (we have old ethernet cables)
So, I drag my ass over to the server (same room with ship comms) with the cable tester to confirm that. What do I see?
The IMBECILES had pulled the plug from the server so that they could charge their mobile phones. I literally slammed my head against the door (calming exercise in case of spontaneous murder impulses - the things you learn at the Academy). My CO was nearby, and lucky for the guys, he heard me yell at them, while throwing mobiles and chargers around.
"But we thought it was OK, we just wanted to charge our-"
I kid you not, I reached for the firefighter's axe.
My CO grabbed me by the collar and dragged me to his room. I explained to him (between two cigarettes) that we MUST get a UPS and a server cabinet (budget constraints in the military are something that will give you people nightmares, trust me). I carefully explained to him that unless we got those, nothing would prevent the next moron from destroying confidential data and me from murdering him.
I plugged in and booted the server, after installing a multi socket extension. Two days after, surprise surprise, the server was off again. That was the first time I opened the door to the CO's room with a low kick. I must have looked like a psycho on drugs, he gave approval for the purchase in twenty seconds flat.
After that, I installed the UPS and the cabinet. Everything went inside, from the UPS to the very plugs. Just a locked box with cables coming out.
One of the guys came to my room, and asked if I could unlock the cabinet so that they could plug a "device" they needed.
I actually reached for my folding knife.
Disclaimer: The story above is TRUE. Even the almost violent parts.25
Navy story time, and this one is lengthy.
As a Lieutenant Jr. I served for a year on a large (>100m) ship, with the duties of assistant navigation officer, and of course, unofficial computer guy. When I first entered the ship (carrying my trusty laptop), I had to wait for 2 hours at the officer's wardroom... where I noticed an ethernet plug. After 15 minutes of waiting, I got bored. Like, really bored. What on TCP/IP could possibly go wrong?
So, scanning the network it is. Besides the usual security holes I came to expect in ""military secure networks"" (Windows XP SP2 unpatched and Windows 2003 Servers, also unpatched) I came along a variety of interesting computers with interesting things... that I cannot name. The aggressive scan also crashed the SMB service on the server causing no end of cute reactions, until I restarted it remotely.
But me and my big mouth... I actually talked about it with the ship's CO and the electronics officer, and promptly got the unofficial duty of computer guy, aka helldesk, technical support and I-try-to-explain-you-that-it-is-impossible-given-my-resources guy. I seriously think that this was their punishment for me messing around. At one time I received a call, that a certain PC was disconnected. I repeatedly told them to look if the ethernet cable was on. "Yes, of course it's on, I am not an idiot." (yea, right)
So I went to that room, 4 decks down and 3 sections aft. Just to push in the half-popped out ethernet jack. I would swear it was on purpose, but reality showed me I was wrong, oh so dead wrong.
For the full year of my commission, I kept pestering the CO to assign me with an assistant to teach them, and to give approval for some serious upgrades, patching and documenting. No good.
I set up some little things to get them interested, like some NMEA relays and installed navigation software on certain computers, re-enabled the server's webmail and patched the server itself, tried to clean the malware (aka. Sisyphus' rock), and tried to enforce a security policy. I also tried to convince the CO to install a document management system, to his utter horror and refusal (he was the hard copy type, as were most officers in the ship). I gave up on almost all besides the assistant thing, because I knew that once I left, everything would go to the high-entropy status of carrying papers around, but the CO kept telling me that would be unnecessary.
"You'll always be our man, you'll fix it (sic)".
What could go wrong?
I got my transfer with 1 week's notice. Panic struck. The CO was... well, he was less shocked than I expected, but still shocked (I learned later that he knew beforehand, but decided not to tell anybody anything). So came the most rediculous request of all:
To put down, within 1 A4 sheet, and in simple instructions, the things one had to do in order to fulfil the duties of the computer guy.
I. SHIT. YOU. NOT.
"What I can do is write: 'Please read the following:', followed by the list of books one must read in order to get some introductory understanding of network and server management, with most accompanying skills."
I was so glad I got out of that hellhole.9
During a penetration test, I was dropped off in a Navy SEAL Ranger Black Hawk helicopter on the top of a 300 story building. I repelled to the 150th floor with fishing line, carved out a window, and installed Kali on the office door knob. I then typed out l337 HTML code in notepad and gained access to the mainframe. Then, some guy named John McClane wouldn't stop asking me for advice as I roped down the elevator shaft cable. I then walked outside, got my shoe shined, and the CEOs daughter came up to me saying she wants to take me to dinner because I'm the most l337 of the l337.11
Navy story time again. Grab that coffee and fire up Kali, the theme is security.
So, when I got promoted to Lieutenant Jr. I had to attend a 1-year school inside my nostalgic Naval Academy... BUT! I was wiser, I was older... and I was bored. Like, really bored. What could go wrong? Well, all my fellow officers were bored too, so they started downloading/streaming/torrenting like crazy, and I had to wait for hours for the Kali updates to download, so...
mdk3 wlan0mon -d
I had this external wifi atheros card with two antennae and kicked all of them off the wifi. Some slightly smarter ones plugged cables on the net, and kept going, enjoying much faster speeds. I had to go to the bathroom, and once I returned they had unplugged the card. That kind of pissed me off, since they also thought it would be funny to hide it, along with the mouse.
But, oh boy, they had no idea what supreme asshole I can be when I am irked.
So, arpspoof it is. Turns out, there were no subnetworks, and the broadcast domain was ALL of the academy. That means I shut EVERYONE off, except me. Hardware was returned in 1 minute with the requested apologies, but fuck it, I kept the whole academy off the net for 6 hours. The sysadmin ran around like crazy, because nothing was working. Not even the servers.
I finally took pity on the guy (he had gotten the duties of sysadmin when the previous sysad died, so think about that) and he almost assaulted me when I told him. As it turned out, the guy never had any training or knowledge on security, so I had to show him a few things, and point him to where he could study about the rest. But still, some selective arp poison on select douchebags was in order...
Needless to say, people were VERY polite to me after that. And the net speed was up again, so I got bored. Again. So I started scanning the net.
To be continued...3
Navy story continued.
And continuing from the arp poisoning and boredom, I started scanning the network...
So I found plenty of WinXP computers, even some Win2k servers (I shit you not, the year was 201X) I decided to play around with merasploit a bit. I mean, this had to be a secure net, right?
Like hell it was.
Among the select douchebags I arp poisoned was a senior officer that had a VERY high idea for himself, and also believed he was tech-savvy. Now that, is a combination that is the red cloth for assholes like me. But I had to be more careful, as news of the network outage leaked, and rumours of "that guy" went amok, but because the whole sysadmin thing was on the shoulders of one guy, none could track it to me in explicit way. Not that i cared, actually, when I am pissed I act with all the subtleness of an atom bomb on steroids.
So, after some scanning and arp poisoning (changing the source MAC address this time) I said...
"Let's try this common exploit, it supposedly shouldn't work, there have been notifications about it, I've read them." Oh boy, was I in for a treat. 12 meterpreter sessions. FUCKING 12. The academy's online printer had no authentication, so I took the liberty of printing a few pages of ASCII jolly rogers (cute stuff, I know, but I was still in ITSec puberty) and decided to fuck around with the other PCs. One thing I found out is that some professors' PCs had the extreme password of 1234. Serious security, that was. Had I known earlier, I could have skipped a TON of pointless memorising...
Anyway, I was running amok the entire network, the sysad never had a chance on that, and he seemed preoccupied with EVERYTHING ELSE besides monitoring the net, like fixing (replacing) the keyboard for the commander's secretary, so...
BTW, most PCs had antivirus, but SO out of date that I didn't even need to encode the payload or do any other trick. An LDAP server was open, and the hashed admin password was the name of his wife. Go figure.
I looked at a WinXP laptop with a weird name, and fired my trusty ms08_067 on it. Passowrd: "aaw". I seriously thought that Ophcrack was broken, but I confirmed it. WTF? I started looking into the files... nothing too suspicious... wait a min, this guy is supposed to work, why his browser is showing porn?
Looking at the ""Deleted"" files (hah!) I fount a TON of documents with "SECRET" in them. Curious...
Decided to download everything, like the asshole I am, and restart his PC, AND to leave him with another desktop wallpaper and a text message. Thinking that he took the hint, I told the sysadmin about the vulnerable PCs and went to class...
In the middle of the class (I think it was anti-air warfare or anti-submarine warfare) the sysad burst through the door shouting "Stop it, that's the second-in-command's PC!".
Stunned silence. Even the professor (who was an officer). God, that was awkward. So, to make things MORE awkward (like the asshole I am) I burned every document to a DVD and the next day I took the sysad and went to the second-in-command of the academy.
Surprisingly he took the whole thing in quite the easygoing fashion. I half-expected court martial or at least a good yelling, but no. Anyway, after our conversation I cornered the sysad and barraged him with some tons of security holes, needed upgrades and settings etc. I still don't know if he managed to patch everything (I left him a detailed report) because, as I've written before, budget constraints in the military are the stuff of nightmares. Still, after that, oddly, most people wouldn't even talk to me.
God, that was a nice period of my life, not having to pretend to be interested about sports and TV shows. It would be almost like a story from highschool (if our highschool had such things as a network back then - yes, I am old).
Navy story time again.
I was a cadet, 1st year, final exams in """CS""". Our """professor""" was handing out the exam sheets, when I told him that one of the questions couldn't be answered by what he had taught. He had supposedly taught us C++ (I would insult every C++ tutorial, however shitty, if I called his class introductory or even elemental).
To give you a better idea of the situation, I'll only say this: one of the questions was "Name three brands of antivirus software."
I. SHIT. YOU. NOT.
This was supposed to be a Naval Academy that trained officers, by the way. Anyway, the question at hand was a program that must use recursion to solve a particular problem. I had been studying programming since high school, so I was not bothered by it, but everyone else was. Anyway...
Once I told him that, he threw a fucking fit. He screamed (as our overseeing officer watched in confusion) that we weren't paying attention, that we were just playing around and watching porn sites (BTW I discovered after that, that most porn videos were on the campus server, in write-protected folders that no student had permission to write, but professors and administrators did. Curious... but my ITSec misdeeds are for another day). Anyway, I got so angry at that idiot, I started writing (yes, programming on paper, if you whine about your IDE/text editor, think about that) the program. Until I found out that I didn't know WTF I was writing. The time was up, however, and I had to give my paper. To this day I have no idea what I wrote and what it did (if anything).
Got perfect score. Only one in class.9
Hello again, everyone. I've been busy with all the paperwork at my ship (will make a post about it later) but for now, I'll bore you with another story (not navy one, fortunately) to justify my slacking off.
And this story... is the story on how I got into ITSec. And it is pretty damn embarrassing. It all began when I was 16. I was hooked on battleknight.gameforge.com, a browser game. My father had just had ADSL installed at our home, and the new opportunities before me were endless. Well...
After I've had my fill with the porn torrents and them opportunities dwindled to just a few dozens, I began searching for free games, and I stumbled on that game. I played a lot, but as a free-to-play game, it was also pay-to-win. I didn't have a credit card, so I paid for a few gems with SMS messages. Fast forward a couple of years, I got into the Naval Academy. A guy came in to advertise something (I think it was an encyclopaedia or something - yes, wikipedia wasn't a thing back then) and to pay for it, we could apply for a credit card. So I applied. And I resisted the temptation for a year.
Note: prepaid wasn't that known where I live, so using credit cards was the only way for online transactions.
So I made 1 transaction. Just one. After a couple of months my monthly report from the bank came, showing a 2.5$ (I think) transaction on Paypal. I paid no mind, thinking that it was some hidden fee. Oh boy, I shit you not, I was THAT much of an idiot. Six months later, BOOM!
600$ transaction to ebay via paypal. You can imagine all those nice things that came to my mind. In any case, the bank accepted my protest that I filed at their central offices and cancelled the transaction. I promptly cancelled my card, destroyed it right there for good measure, and got to thinking... what the fuck just happened?
As many people here, I am afflicted with a deadly virus, called curiosity. I started researching the matter, trying to figure out how. And, because I didn't like black boxes and "it is just like it is" explanations, I tumbled down the rabbit hole of ITSec. I soon found out that, not only it was possible, but also it was sometimes EXTREMELY easy to steal credit card info. There are sites, to this very day, that store user info (along with credit cards info) IN FUCKING CLEARTEXT. Sometimes your personal, financial and even medical info are just an SQLi away.
So, I got very disillusioned on many things. But I never regretted it. It may cause me to age prematurely and will kill me of stroke or heart attack one day, but as I still tumble down the ITSec rabbit hole, I can say with confidence that
I REGRET NOTHING
Plus, my 600$ were returned, so look on the bright side :)2
So... remember my first rants about my network at my last ship?
Well... I had to visit them for an unrelated matter and found out that they are to pass general inspection the next week. Among the inspectors is a member of the cyber defence team. I took a quick look at the network, finding the things I'd expect:
- No updates passed to the server or installed since I left
- No antivirus updates since I left
- All certificates were expired
- Most services were shut down or unused
- All security policies were shut down
- Passwords (without expiration now) were written on post-it and stuck on screens
- ... and more!
I told the XO (the same idiot that complained about them CONSTANTLY) and he just shrugged me off and told me to """fix""" it. In one fucking afternoon.
I. SHIT. YOU. NOT.
The new admin there is a low ranking person who hasn't the faintest idea of how this works, and isn't willing to learn, either. They just dumped the duty on him, and he seems not to care. The cyber security inspector is going to have a field day. Or get grey hairs.
I told the XO that I needed at least a week to get them into working order (I have to re-set up my virtual Windows 2012 R2 server, download 2 years' worth of updates, repair 2 years of neglect etc.). The answer was what I expected:
"You know computers, you can do your magic and get it done in an afternoon."
Thank god I got transferred and don't have to answer to that idiot any more. Now, popcorn time, as I watch the fireworks.
Yes, I am a vengeful guy. I have told them, twice now, of what would happen. They didn't listen. At least now, with an official report on their heads, they just might.7
Navy story time again. Lots of blabbering, you have been warned.
I haven't written for some time, due to paperwork bullshit that can be easily automated by even the most shitty database... no, scratch that, the simplest Excel spreadsheet with basic formulae. But I digress.
On my quest to justify myself being unproductive, I'll share with you a small story I omitted from this post:
The lunacy of the man involved, while certainly entertaining after a few years (and nautical miles) away, is certainly disturbing and most certainly true. (Late disclaimer: ALL my rants are not made-up. This is shit that truly happened before my very eyes, and while I was sober.)
After I set up some cute little stuff to try and get the CO interested, in order to give me permission (and a cut from the budget) to proceed in restructuring and upgrading the ship's net, I tried a more direct approach: connecting and setting up his work laptop with the ship's GPS, radar and AIS receptor via ethernet, and installing an ECS system so that he could monitor the ship's position, movement and targets from his office (the fat fuck couldn't be bothered to go up one deck). A day later he called me to his office.
Expecting some kind of... praise? Permission? Complaints on the font style? whatever, I entered. Oh, how I wish I had not.
I was barraged for TWO FUCKING HOURS by the CO, complaining that I was taking care of the net and PCs and neglecting the Navigation department (I was not, automation is my friend combating moronic paperwork). I would have thought it as just another failed attempt, but after TWO MINUTES from the end of the barrage:
CO:... so, my personal laptop is kind of slow, you think you can do anything about it?
What was rushing through my mind was somewhere between bipolar and multiple personality disorder, with the third option of Alzheimer's disease. I half-expected some Candid Camera crew to pop out, but no.
CO: So? Can you speed up my laptop?
ME: ............................... I don't know, sir, I have paperwork to take care of.
CO: That can wait, surely you can do something about it, you know computers.
ME: [really long pause, blood pressure rising] I'll look into it in a moment, sir.
And I never did. I told of the incident to the ship's doctor, and he expressed great worry over this, but in the end, nothing was done.
My sympathies to everyone who has to interact with non-technicians of the homo sapiens species (ironically, homo sapiens means "wise man" in latin... the irony).4