Do all the things like ++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatarSign Up
Get a devDuck
Rubber duck debugging has never been so cute! Get your favorite coding language devDuckBuy Now
Search - "network administrator"
So I had my exams recently and I thought I'd post some of the most hacky shit I've done there over here. One thing to keep in mind, I'm a backender so I always have to hack my way around frontend!
- Had a user level authentication library which fucked up for some reason so I literally made an array with all pages and user levels allowed so I pretty much had a hardcoded user level authentication feature/function. Hey, it worked!
- CSS. Gave every page a hight of 110 percent because that made sure that you couldn't see part of the white background under the 'background' picture. Used !important about everywhere but it worked :P.
- Completey forgot (stress, time pressure etc) to make the user ID's auto incremented. 'Fixed' that by randomly generating a user id and really hoping during every registration that that user ID did not exist in the database already. Was dirty as fuck but hey it worked!
- My 'client' insisted on using Windows server.Although I wouldn't even mind using it for once, I'd never worked with it before so that would have been fucked for me. Next to that fact, you could hear swearing from about everyone who had to use Windows server in that room, even the die hard windows users rather had linux servers. So, I just told a lot of stuff about security, stability etc and actually making half of all that shit up and my client was like 'good idea, let's go for linux server then!'. Saved myself there big time.
- CHMOD'd everything 777. It just worked that way and I was in too much time pressure to spend time on that!
- Had to use VMWare instead of VirtulBox which always fucks up for me and this time it did again. Windows 10 enjoyed corrupting the virtual network adapters after every reboot of my host so I had to re-create the whole adapter about 20 times again (and removing it again) in order to get it to work. Even the administrator had no fucking clue why that was happening.
- Used project_1.0.zip etc for version control :P.
Yup, fun times!6
Soms week ago a client came to me with the request to restructure the nameservers for his hosting company. Due to the requirements, I soon realised none of the existing DNS servers would be a perfect fit. Me, being a PHP programmer with some decent general linux/server skills decided to do what I do best: write a small nameservers which could execute the zone transfers... in PHP. I proposed the plan to the client and explained to him how this was going to solve all of his problems. He agreed and started worked.
After a few week of reading a dozen RFC documents on the DNS protocol I wrote a DNS library capable of reading/writing the master file format and reading/writing the binary wire format (we needed this anyway, we had some more projects where PHP did not provide is with enough control over the DNS queries). In short, I wrote a decent DNS resolver.
Another two weeks I was working on the actual DNS server which would handle the NOTIFY queries and execute the zone transfers (AXFR queries). I used the pthreads extension to make the server behave like an actual server which can handle multiple request at once. It took some time (in my opinion the pthreads extension is not extremely well documented and a lot of its behavior has to be detected through trail and error, or, reading the C source code. However, it still is a pretty decent extension.)
Yesterday, while debugging some last issues, the DNS server written in PHP received its first NOTIFY about a changed DNS zone. It executed the zone transfer and updated the real database of the actual primary DNS server. I was extremely euphoric and I began to realise what I wrote in the weeks before. I shared the good news the client and with some other people (a network engineer, a server administrator, a junior programmer, etc.). None of which really seemed to understand what I did. The most positive response was: "So, you can execute a zone transfer?", in a kind of condescending way.
This was one of those moments I realised again, most of the people, even those who are fairly technical, will never understand what we programmers do. My euphoric moment soon became a moment of loneliness...21
Windows tells me to „contact the network administrator“.
I yell at the machine: „I AM THE ADMINISTRATOR!!!1!“
Why is Microsoft doing this? Instead of telling me what exactly went wrong, the come up with messages like
“This is not possible”
“Do you want to ask a Friend?”
I really hope the authors of those error messages will burn in hell for that!11
Our website once had it’s config file (“old” .cgi app) open and available if you knew the file name. It was ‘obfuscated’ with the file name “Name of the cgi executable”.txt. So browsing, browsing.cgi, config file was browsing.txt.
After discovering the sql server admin password in plain text and reporting it to the VP, he called a meeting.
VP: “I have a report that you are storing the server admin password in plain text.”
WebMgr: “No, that is not correct.”
Me: “Um, yes it is, or we wouldn’t be here.”
WebMgr: “It’s not a network server administrator, it’s SQL Server’s SA account. Completely secure since that login has no access to the network.”
<VP looks over at me>
VP: “Oh..I was not told *that* detail.”
Me: “Um, that doesn’t matter, we shouldn’t have any login password in plain text, anywhere. Besides, the SA account has full access to the entire database. Someone could drop tables, get customer data, even access credit card data.”
WebMgr: “You are blowing all this out of proportion. There is no way anyone could do that.”
WebMgr: “Who would do that? They would have to know a lot about our systems in order to do any real damage.”
VP: “Yes, it would have to be someone in our department looking to do some damage.”
<both the VP and WebMgr look at me>
Me: “Open your browser and search on SQL Injection.”
<VP searches on SQL Injection..few seconds pass>
WebMgr: “Our team is already removing the SQL, but our apps need to read the SQL server login and password from a config file. I don’t know why this is such a big deal. The file is read-only and protected by IIS. You can’t even read it from a browser.”
VP: “Well, if it’s secured, I suppose it is OK.”
Me: “Open your browser and navigate to … browse.txt”
VP: “Oh my, there it is.”
WebMgr: “You can only see it because your laptop had administrative privileges. Anyone outside our network cannot access the file.”
VP: “OK, that makes sense. As long as IIS is securing the file …”
Me: “No..no..no.. I can’t believe this. The screen shot I sent yesterday was from my home laptop showing the file is publicly available.”
WebMgr: “But you are probably an admin on the laptop.”
<couple of awkward seconds of silence…then the light comes on>
VP: “OK, I’m stopping this meeting. I want all admin users and passwords removed from the site by the end of the day.”
Took a little longer than a day, but after reviewing what the web team changed:
- They did remove the SQL Server SA account, but replaced it with another account with full admin privileges.
- Replaced the “App Name”.txt with centrally located config file at C:\Inetpub\wwwroot\config.txt (hard-coded in the app)
When I brought this up again with my manager..
Mgr: “Yea, I know, it sucks. WebMgr showed the VP the config file was not accessible by the web site and it wasn’t using the SA password. He was satisfied by that. Web site is looking to beat projections again by 15%, so WebMgr told the other VPs that another disruption from a developer could jeopardize the quarterly numbers. I’d keep my head down for a while.”8
I'm penetrationtesting a network and the servers on said network
The network administrator and IT security officer knows this, because they hired me..
TL;DR a scan caused the network to crash.
Today I received a very angry email going "Stop scanning NOW!" from one of the IT departments.
Apparently I crashed their login server and thus their entire network...
It happened d the first time I scanned the network from the outside and they had spend an entire day figuring out how and repairing the service they thought was the problem, but then it crashed again, when I scanned from within the network.
Now they want to send me a list of IP's that I'm not allowed to scan and want to know exactly what and when I'm scanning...
How crap can they be at their job, if they weren't able to spot a scan... The only reason they found out it was me was because the NA had whitelistet my IP, so that I could scan in peace...5
TLDR: There’s truth in the motto “fake it till you make it”
Once upon a time in January 2018 I began work as a part time sysadmin intern for a small financial firm in the rural US. This company is family owned, and the family doesn’t understand or invest in the technology their business is built on. I’m hired on because of my minor background in Cisco networking and Mac repair/administration.
I was the only staff member with vendor certifications and any background in networking / systems administration / computer hardware. There is an overtaxed web developer doing sysadmin/desktop support work and hating it.
I quickly take that part of his job and become the “if it has electricity it’s his job to fix it” guy. I troubleshoot Exchange server and Active Directory problems, configure cloudhosted web servers and DNS records, change lightbulbs and reboot printers in the office.
After realizing that I’m not an intern but actually just a cheap sysadmin I began looking for work that pays appropriately and is full time. I also change my email signature to say “Company Name: Network Administrator”
A few weeks later the “HR” department (we have 30 employees, it’s more like “The accountant who checks hiring paperwork”) sends out an email saying that certain ‘key’ departments have no coverage at inappropriate times. I don’t connect the dots.
Two days later I receive a testy email from one of the owners telling me that she is unhappy with my lack of time spent in the office. That as the Network Administrator I have responsibilities, and I need to be available for her and others 8-5 when problems need troubleshooting. Her son is my “boss” who is rarely in the office and has almost no technical acumen. He neglected to inform her that I’m a part time employee.
I arrange a meeting in which I propose that I be hired on full time as the Network Administrator to alleviate their problems. They agree but wildly underpay me. I continue searching for work but now my resume says Network Administrator.
Two weeks ago I accepted a job offer for double my current salary at a local software development firm as a junior automation engineer. They said they hired me on with so little experience specifically because of my networking background, which their ops dept is weak in. I highlighted my 6 months experience as Network Administrator during my interviews.
My take away: Perception matters more than reality. If you start acting like something, people will treat you like that.3
*looks for jobs in system administration*
For our client in $location we're looking for a Network and System Administrator ... to manage our local IT infrastructure (so far so good) ... that's Microsoft-based.
Fuck that company.
Requirements: deployment and maintenance of servers, backups and storage, updates, yada yada.. fine with me.
yOU wiLl mAiNtAiN WanBLowS sUrVaR sYsTeMs
Fuck that company too.
Does anyone here in Belgium even work with fucking Linux servers?! Or should I really relocate to the Netherlands to get something decent?!!28
The school I went to didn't have PCs when I first joined (had some RISC OS machines instead). They got Windows 95 PCs eventually and networked them. I had no experience with networking before this, but had a PC at home. We all had mapped drives to resources on the server. The PCs were pretty locked down - no "Run" command etc.
Anyway, one day the head of IT came in to one of the lessons and asked me "how I did it".
What had I done? Well, clearly he had seen something I'd taught one of my friends. I wrote it down for him.
1. Right-click the desktop
2. New shortcut
Such hax, being able to see the file shares on the server.
Shortly after this, all computer areas had signs saying "no shortcuts allowed"...
I got VB script blocked from all the computes in high school
I had a laptop to do my work in class on (my handwriting is terrible, dyslexia and other things) and I was playing around with VB script making a little text adventure game with dialog boxes because I was bored, it got quite long and I was happy with it but then one day when I tried to open the file it said the network administrator had blocked this type of file from being opened... Spoilsports
About slightly more than a year ago I started volunteering at the local general students committee. They desperately searched for someone playing the role of both political head of division as well as the system administrator, for around half a year before I took the job.
When I started the data center was mostly abandoned with most of the computational power and resources just laying around unused. They already ran some kvm-hosts with around 6 virtual machines, including a cloud service, internally used shared storage, a user directory and also 10 workstations and a WiFi-Network. Everything except one virtual machine ran on GNU/Linux-systems and was built on open source technology. The administration was done through shared passwords, bash-scripts and instructions in an extensive MediaWiki instance.
My introduction into this whole eco-system was basically this:
"Ever did something with linux before? Here you have the logins - have fun. Oh, and please don't break stuff. Thank you!"
Since I had only managed a small personal server before and learned stuff about networking, it-sec and administration only from courses in university I quickly shaped a small team eager to build great things which would bring in the knowledge necessary to create something awesome. We had a lot of fun diving into modern technologies, discussing the future of this infrastructure and simply try out and fail hard while implementing those ideas.
Today, a year and a half later, we look at around 40 virtual machines spiced with a lot of magic. We host several internal and external services like cloud, chat, ticket-system, websites, blog, notepad, DNS, DHCP, VPN, firewall, confluence, freifunk (free network mesh), ubuntu mirror etc. Everything is managed through a central puppet-configuration infrastructure. Changes in configuration are deployed in minutes across all servers. We utilize docker for application deployment and gitlab for code management. We provide incremental, distributed backups, a central database and a distributed network across the campus. We created a desktop workstation environment based on Ubuntu Server for deployment on bare-metal machines through the foreman project. Almost everything free and open source.
The whole system now is easily configurable, allows updating, maintenance and deployment of old and new services. We reached our main goal for this year which was the creation of a documented environment which is maintainable by one administrator.
Although we did this in our free-time without any payment it was a great year with a lot of experience which pays off now.
Linux networking: A tragedy in three acts
Wherein the system administrator writes their /etc/network/interfaces file as is the custom.
Wherein the kafkaesque outputs of basic networking commands threaten basic sanity. Behold:
# ifup ens3:1
RTNETLINK answers: File exists
Failed to bring up ens3:1.
# ifdown ens3:1
ifdown: interface ens3:1 not configured
Wherein all sanity is lost:
I am so close to crying it is just not funny, every time i close my eyes I picture Superman's Scream after snapping Zod's neck in man of steel i.e. filled with pain, anguish and not being able to accept what you have become... I am not a dev but I have been glued to a computer screen since 7 years old.
I work for a company as the I.T. Administrator that does quite a bit of specialized work in the regulatory industry and has there own in-house software. This was built by one developer after another, hired straight out of university/college and you cannot believe how big of a monster this became being built with direction from someone who cant code and a bunch of "drunk children" who do not know good principles (swear to god thousands of lines with no comments and no OOP)
Now I am validating and testing a system, i keep being asked if we will be ready by the end of the week and due to my lack of qualifications after dropping out of school I keep thinking yes, but every time i test something I find another problem, I may not be able to code but understanding quickly is my strength and I know this shit is not simple.
I am under constant pressure to deliver something quickly.
Any concerns I raise are almost brushed off because I am an idiot with no qualifications who should be greatful for the work I am doing and the low as balls salary
The problems I solve are commended by the 10+ years of experience senior developer writing the application for us, yet I get shit for taking an hour to find the problem that existed in our network setup because it is the devs job (OMFG HE WOULD NEVER HAVE REALIZED WITHOUT COMING HERE AND LOOKING AT OUR INFRASTRUCTURE... WE WOULD HAVE BEEN STUCK FOR A FUCKING MONTH!!!!)
I see only 2 courses ahead for my life. The easy way and the hard way.
Easy way, buy a gun and end it all.
Suffer for 3 more years in the place that is causing constant breathing difficulty and the occasional pain in my left arm, finish my matric, continue learning to code and leave.
But right now I just want cry scream like Superman!!!6
was a network administrator. have many full stack web and application developers as clients. now want to develop full time after interacting with them for years.
tried making lateral dev movement. failed. fml.
In college, during Novell's heyday, I was working on my Certified Network Administrator certification (totally worthless, in retrospect). As I was becoming an expert in all things Novell, I found a security flaw. Using Visual Basic it was possible to code up an exact replica of the Novell login screen that launched at boot time from a batch file stored on a floppy. You could log peoples' usernames and passwords all day as long as they didn't realize your floppy was in the drive, which worked in certain computer lab setups on campus. I wasn't in it for stealing info or being a criminal. I just did it for the lulz. But if I had gained access to a few of the right computers in admin offices on campus, I could've gotten access to anyone's student profiles and grades.
I‘m currently trying to get an SFTP user for our school's webspace (preinstalled WordPress, don't hate it - it's "great" for non-"it" people) and our network administrator means that he can't create one for me because I would have access to all files on the server.
WTF, you can create SFTP users on Linux and restrict their access and even set a home directory.
Yeah, now we need to forget about themes and plugins in WordPress.
(He said that he also can't create an FTP user)1
So recently I've been feeling like I fooled myself into thinking I'm any good at anything regarding development.
Today I tried to deploy a Console Application that would run nightly. The production systems are much more guarded, as it should be, but I should still be able to schedule a windows task (yeah yeah, windows servers, not the time Linux fanboys and not my choice :P) no problem.
Except I didn't expect that network users can't run jobs, because of a Group Policy about saving passwords on network accounts.
I expected a local administrator account to be available, and it wasn't.
Also a web API isn't available, even though I could telnet to the address on port 443 (HTTPS). A proxy apparently accepts all HTTP/HTTPS traffic and so on.
All this I feel like I should have known....
So am I in my own head, or am I right in thinking maybe I'm not "pro" development yet? Maybe I don't deserve to be "pro".
If I would be a network administrator , I would troll everyone by creating 2 networks, one called x-fast and another called x-slow. Obviously I would reverse them so the one called slow is actually fast, and the fast one is slow. So I can benefit myself from a private network with no one on it because it's "slow" :-)
Evil me or genius?2