Search - "sniffing"
-
Started sniffing the packets on a public wifi hotspot. Found someone was reading TheHackerNews and got excited.😲 Later realised it was myself. 😯9
-
We build a backup infrastructure at work to make sure that clients can restore their files and databases themselves when something gets fucked up.
We also have step by step tutorial on how to do this.
Every fucking day we get requests to restore backups.
Mostly used reason is "I'm a technical so I won't understand it".
With all due respect, if you don't understand this and keep asking without even trying, please don't host with us.
Because, if you did as I asked and actually read through the entire article, you would.
In case you're wondering, anytime one of us asks what part they don't understand, that question is simply ignored and they pushing for us restoring it anyways continues.
Sometimes they get angry and want to talk to someone higher up or start complaining that they're paying loads of money already and that it would just take us a second anyways.
If you would read the fucking tutorial/manual instead of trying to eat out your mother's badly shaved pussy and hopefully choke on it while you're at it, you wouldn't come asking us for it.
If you genuinely don't understand this article, feel free to ask but also provide us with cocksucking feedback.
Why do you think you have the right anyways to ask us to do it for free? We maintain the backup infrastructure which definitely isn't cheap but we do it so that you, pubic sniffing weasel, can do this shit on your fucking own.
You're entitled to ask us for help but not for asking us to restore your bullshit for free every freaking time.
Tip: give your parents some condoms. Because that way they hopefully won't reproduce again, we don't need more of you in this universe.7 -
Buckle up kids, this one gets saucy.
At work, we have a stress test machine that tests tensile, puncture and breaking strength for different materials used (wood construction). It had a controller software update that was supposed to be installed. I was called into the office because the folks there were unable to install it, they told me the executable just crashed, and wanted me to take a look as I am the most tech-savvy person there.
I go to the computer and open up the firmware download folder. I see a couple folders, some random VBScript file, and Installation.txt. I open the TXT, and find the first round of bullshit.
"Do not run the installer executable directly as it will not work. Run install.vbs instead."
Now, excuse me for a moment, but what kind of dick-cheese-sniffing cockmonger has end users run VBScript files to install something in 2018?! Shame I didn't think of opening it up and examining it for myself to find out what that piece of boiled dogshit did.
I suspend my cringe and run it, and lo and behold, it installs. I open the program and am faced with entering a license key. I'm given the key by the folks at the office, but quickly conclude no ways of entering it work. I reboot the program and there is an autofilled key I didn't notice previously. Whatever, I think, and hit OK.
The program starts fine, and I try with the login they had previously used. Now it doesn't work for some reason. I try it several times to no avail. Then I check the network inspector and notice that when I hit login, no network activity happens in the program, so I conclude the check must be local against some database.
I browse to the program installation directory for clues. Then I see a folder called "Databases".
"This can't be this easy", I think to myself, expecting to find some kind of JSON or something inside that I can crawl for clues. I open the folder and find something much worse. Oh, so much worse.
I find <SOFTWARE NAME>.accdb in the folder. At this point cold sweat is already running down my back at the sheer thought of using Microsoft Access for any program, but curiosity takes over and I open it anyway.
I find the database for the entire program inside. I also notice at this point that I have read/write access to the database, another thing that sent my alarm bells ringing like St. Paul's Cathedral. Then I notice a table called "tUser" in the left panel.
Fearing the worst, I click over and find... And you knew it was coming...
Usernames and passwords in plain text.
Not only that, they're all in the format "admin - admin", "user - user", "tester - tester".
I suspend my will to die, login to the program and re-add the account they used previously. I leave the office and inform the peeps that the program works as intended again.
I wish I was making this shit up, but I really am not. What is the fucking point of having a login system at all when your users can just open the database with a program that nowadays comes bundled with every Windows install and easily read the logins? It's not even like the data structure is confusing like minified JSON or something, it's literally a spreadsheet in a program that a trained monkey could read.
God bless them and Satan condemn the developers of this fuckawful program.8 -
Some fucker installed a keylogger on my Ubuntu laptop at home and registered it as a systemd service. From Wireshark, it's sending each keystroke to a server in France using IRC. Tried accessing the server but the moron shut it down immediately. It's the last time I'm fucking installing code from prebuilt binaries. If I can't build it from source then fuck off you sniffing cunt. I was about to log in to a database from that machine.
UPDATE: I found the actual file sending the keystrokes but it's binary. Anyone know how I can decode a binary file?36 -
I’ve started the process of setting up the new network at work. We got a 1Gbit fibre connection.
Plan was simple, move all cables from old switch to new switch. I wish it was that easy.
The imbecile of an IT Guy at work has setup everything so complex and unnecessary stupid that I’m baffled.
We got 5 older MacPros, all running MacOS Server, but they only have one service running on them.
Then we got 2x xserve raid where there’s mounted some external NAS enclosures and another mac. Both xserve raid has to be running and connected to the main macpro who’s combining all this to a few different volumes.
Everything got a static public IP (we got a /24 block), even the workstations. Only thing that doesn’t get one ip pr machine is the guest network.
The firewall is basically set to have all ports open, allowing for easy sniffing of what services we’re running.
The “dmz” is just a /29 of our ip range, no firewall rules so the servers in the dmz can access everything in our network.
Back to the xserve, it’s accessible from the outside so employees can work from home, even though no one does it. I asked our IT guy why he hadn’t setup a VPN, his explanation was first that he didn’t manage to set it up, then he said vpn is something hackers use to hide who they are.
I’m baffled by this imbecile of an IT guy, one problem is he only works there 25% of the time because of some health issues. So when one of the NAS enclosures didn’t mount after a power outage, he wasn’t at work, and took the whole day to reply to my messages about logins to the xserve.
I can’t wait till I get my order from fs.com with new patching equipment and tonnes of cables, and once I can merge all storage devices into one large SAN. It’ll be such a good work experience.7 -
Where the fuck my privacy go?
I'm paying you to listen to music or watch films, I don't want you to create a damn profile of my taste or "learn" what I might like.
If it was a free service, fine, I'd understand, but I am fucking paying you. I should have the option to completely disable your arse sniffing software.
I know some of them provide a "private mode", but I want that to be the default, I am paying for the god damn service :/6 -
I get really defiant when i repeatedly get micromanaged with bullshit instructions, such as asking me to have my just started c++ library poc which also involves a lot of learning and will earliest be usable in a few months, "ready for our customer devs" in 2 weeks from now.
just no, you fucking retard.
also, the lib alone wouldn't make any sense, since the code parts working with it don't yet exist at all.
and then getting instructed to ask customers if they can provide you with c++ code that solves the task for them in their own software, which of course will somehow magically fit in my existing codebase. even if it existed (which it fortunately doesn't because they do everything in C#), i don't think i'm going to be faster trying to somehow solder in their code into my library, of which i'm still brainstorming about the general architecture.
if you have so fucking unrealistic expectations, maybe stop sniffing glue all day and don't make this my fucking problem.3 -
After EVERY. FUCKING. RESTART... I have to delete one of my keyboard layouts and re-add it so I'm able to switch between them. It's been a YEAR now! But hey! Notepad has tabs now! M$...Bunch of glue sniffing monkeys...12
-
It's cute how most companies think that someone will take the time to personally hack them. Like nah mate there's countless bots running around the internet like a rabid pack of dogs sniffing ip addresses and running exploit, one of the stragglers will pick you off...
-
Story Time!
Title: About Larry.
Fun Game: Tell me if / when in this story you know the plot twist.
Setting: Years ago, non coding job.
I work with Larry a lot, Larry works remote. In technical terms Larry is senior to me and I escalate some technical issues that get assigned to Larry. I've never met Larry in person.
Larry can be hard to work with, but he's plenty good at his job and I don't mind his prickly side. Sometimes it takes telling Larry something a few times before it sinks in, but that's not a big deal. Sometimes it seems like Larry doesn't remember his cases entirely, but he has a lot of cases. Also Larry has good reason for how he works considering the land of scubs who usually escalate to him without any thought / effort.
Larry's escalation team is short staffed and they're trying to hire folks, but that's been like that forever.
So one day I get an email that Larry is going to be out of the office for a few weeks. Nothing unusual there.
My current case that I share with Larry sort of floats in limbo for a while. The customer is kinda slow to respond anyhow and there's nothing that I need Larry for.
Finally I get automated notice that my case has had a new escalation engineer. Laura. Laura is much more positive and happy compared to Larry. Understandably Laura isn't up to date on the case so we go back and forth with some emails and notes in the case.
The case is moving along just fine, we're making progress, but it's slow because of the customer's testing procedures. Then we hit a point where this customer's management pushes on sales for a solution (this customer's management is known for doing this rando like for no reason).
Down the management chain it goes and everyone wants a big conference call to get everyone up to date / discuss next steps (no big deal).
Now I really don't want to do this with Laura and throw her into the deep end with this customer, she doesn't have the background and I'd rather do this call with Larry & Me & Laura. Also according to the original email Larry is due back soon.
I start writing an email to Laura about "Let's try to schedule this for when Larry gets back."
Then I stop ... I don't really know why I stop but when it is a "political case" I want some buy in on next steps from management so I go talk to my manager.
-Plot Twist Incoming-
Long story short, my manager says:
"Laura IS Larry..."
O
M
G
I had no idea. Nobody told me, nobody told ANYBODY, (except a couple managers).
Back up a few months Larry apparently went to his managers and told them he was going to transition, surgery and all, in a few months.
Managers wondering how to address this went to HR and some new hire very young to be a manager HR manager drone logiced out in her bonkers head that "Well it shouldn't matter so don't tell anyone."
ARE YOU FUCKING KIDDING ME!!??
Thank god I didn't send that email...
I did send an email to Laura explaining that I had no idea and hoped I didn't say anything stupid. She was very nice about it and said it was all good.
After that incident made the management rounds (management was already fuming about being told not to tell anyone) things came to another critical point.
Laura was going to visit the company HQ. Laura had been there before, as Larry, everyone knew her as Larry... nobody (outside some managers) knew Laura was Larry either. With nobody knowing shit Laura was going to walk in and meet everyone ...
One manager at HQ finally rebelled and held a meeting to tell his people. He didn't want Laura walking in and someone confused, thinking it was a joke or something horrible happening.
HR found out and went ballistic. They were on a rampage about this other manager, they wanted to interview me about how I found out. I told HR to schedule their meeting through my manager (I knew they didn't want my manager to know they were sniffing around).
Finally the VP in our department called up the HR head and asked WTF was going on / kind of idiots they had over there (word has it legal and the CEO were on the call too).
HR had a change in leadership and then a couple weeks later there were department wide meetings on how to handle such situations and etc.27 -
I have already done like 3 internships of 6 months now. And all the companies sucked!
Now the current company I work at is at least not a marketing company filled with cocaine sniffing callcenter junkies. But why do they always lie so much. They promised free food and drinks and code reviews. What I get is a computer with an i5 and a fucking Jira account.
This is fucking annoying me, I'm hungry, thirsty and somebody should really check the code I'm about to push because it can't be good!!!3 -
Wooo hoo! I got suspended from reddit!
Never happened before to me (not site wide at least). Apparently for 'report abuse' from some report I must have made like a month ago?
Some user posting in a sub apparently had a theory that a bunch of other subs and other users were in on some conspiracy against them, supposedly sending death threats and 'spreading lies'.... kinda hard to imagine that some subs with thousands (some with millions) of users are all in on this wonky conspiracy against them....
So anyway I report his nasty little post to the local moderators of that sub because it usually is a chill sub and his post is full of insults and so on.
Turns out... that guy is also a mod of the sub I reported him to.
A month later I get suspended from reddit for 'report abuse'... of course I can't see the 'report abuse' (can't see reports...) so how do you even speak intelligently / appeal?
Moderation at scale is hard, but kinda crazy to think someone employed at reddit decided "yeah this crazy guy is right" and does their bidding ...
I used to moderate a busy gaming forum, and sniffing out the crazy folks was part of the job when accepting new moderators. Wasn't that hard...
Granted no big loss here, just a few days.9 -
Pentesting for undisclosed company. Let's call them X as to not get us into trouble.
We are students and are doing our first pentest at an actual company instead of assignments at school. So we're very anxious. But today was a good day.
We found some servers with open ports so we checked a few of them out. I had a set of them with a bunch of open ports like ftp and... 8080. Time to check this out.
"please install flash player"... Security risk 1 found!
System seemed to be some monitoring system. Trying to log in using admin admin... Fucking works. Group loses it cause the company was being all high and mighty about being secure af. Other shit is pretty tight though.
Able to see logs, change password, add new superuser, do some searches for USERS_LOGGEDIN_TODAY! I shit you not, the system even had SUGGESTIONS for usernames to search for. One of which had something to do with sftp and auth keys. Unfortunately every search gave a SQL syntax error. Used sniffing tools to maybe intercept message so we could do some queries of our own but nothing. Query is probably not issued from the local machine.
Tried to decompile the flash file but no luck. Only for some weird lines and a few function names I presume. But decompressing it and opening it in a text editor allowed me to see and search text. No GET or POST found. No SQL queries or name checks or anything we could think of.
That's all I could do for today. So we'll have to think of stuff for next week. We've already planned xss so maybe we can do that on this server as well.
We also found some older network printers with open telnet. Servers with a specific SQL variant with a potential exploit to execute terminal commands and some ftp and smb servers we need to check out next week.
Hella excited about this!
If you guys have any suggestions let us know. We are utter noobs when it comes to this.6 -
This happened a few years ago. We started this new project that was estimated to take 3 devs around 5 months to complete. We had a meeting where the client, the project manager, me and two other devs were present. When the client asked if we were still on track to complete the project by the end of September, the PM just said “yeah we are totally on track, no worries”.
Me and the other devs looked us straight in the eyes and nonverbally agreed that this guy has to be sniffing glue or something. For context: it was August.
After the meeting we immediately raised our concerns with him and our boss. The deadline was shifted and a freelancer was hired to assist. The PM quit shortly after and a way more competent guy took over. But the damage was already done.
In the end we finished that project in February or March the following year. Client was still happy but this shit triggered a whole clusterfuck of a year. Other projects were lagging behind because of this and we had to push out project after project that had accumulated in our backlog. -
I'm considering quitting a job I started a few weeks ago. I'll probably try to find other work first I suppose.
I'm UK based and this is the 6th programming/DevOps role I've had and I've never seen a team that is so utterly opposed to change. This is the largest company I've worked for in a full time capacity so someone please tell me if I'm going to see the same things at other companies of similar sizes (1000 employees). Or even tell me if I'm just being too opinionated and that I simply have different priorities than others I'm working with. The only upside so far is that at least 90% of the people I've been speaking to are very friendly and aren't outwardly toxic.
My first week, I explained during the daily stand up how I had been updating the readmes of a couple of code bases as I set them up locally, updated docker files to fix a few issues, made missing env files, and I didn't mention that I had also started a soon to be very long list of major problems in the code bases. 30 minutes later I get a call from the team lead saying he'd had complaints from another dev about the changes I'd spoke about making to their work. I was told to stash my changes for a few weeks at least and not to bother committing them.
Since then I've found out that even if I had wanted to, I wouldn't have been allowed to merge in my changes. Sprints are 2 weeks long, and are planned several sprints ahead. Trying to get any tickets planned in so far has been a brick wall, and it's clear management only cares about features.
Weirdly enough but not unsurprisingly I've heard loads of complaints about the slow turn around of the dev team to get out anything, be it bug fixes or features. It's weird because when I pointed out that there's currently no centralised logging or an error management platform like bugsnag, there was zero interest. I wrote a 4 page report on the benefits and how it would help the dev team to get away from fire fighting and these hidden issues they keep running into. But I was told that it would have to be planned for next year's work, as this year everything is already planned and there's no space in the budget for the roughly $20 a month a standard bugsnag plan would take.
The reason I even had time to write up such a report is because I get given work that takes 30 minutes and I'm seemingly expected to take several days to do it. I tried asking for more work at the start but I could tell the lead was busy and was frankly just annoyed that he was having to find me work within the narrow confines of what's planned for the sprint.
So I tried to keep busy with a load of code reviews and writing reports on road mapping out how we could improve various things. It's still not much to do though. And hey when I brought up actually implementing psr12 coding standards, there currently aren't any standards and the code bases even use a mix of spaces and tab indentation in the same file, I seemingly got a positive impression at the only senior developer meeting I've been to so far. However when I wrote up a confluence doc on setting up psr12 code sniffing in the various IDEs everyone uses, and mentioned it in a daily stand up, I once again got kickback and a talking to.
It's pretty clear that they'd like me to sit down, do my assigned work, and otherwise try to look busy. While continuing with their terrible practices.
After today I think I'll have to stop trying to do code reviews too as it's clear they don't actually want code to be reviewed. A junior dev who only started writing code last year had written probably the single worst pull request I've ever seen. However it's still a perfectly reasonable thing, they're junior and that's what code reviews are for. So I went through file by file and gently suggested a cleaner or safer way to achieve things, or in a couple of the worst cases I suggested that they bring up a refactor ticket to be made as the code base was trapping them in shocking practices. I'm talking html in strings being concatenated in a class. Database migrations that use hard coded IDs from production data. Database queries that again quote arbitrary production IDs. A mix of tabs and spaces in the same file. Indentation being way off. Etc, the list goes on.
Well of course I get massive kickback from that too, not just from the team lead who they complained to but the junior was incredibly rude and basically told me to shut up because this was how it was done in this code base. For the last 2 days it's been a bit of a back and forth of me at least trying to get the guy to fix the formatting issues, and my lead has messaged me multiple times asking if it can go through code review to QA yet. I don't know why they even bother with code reviews at this point.18 -
This co-worker was straight out nuts who bullshitted his way into the company. Man he smelt like shit. The fucked up part was one day I noticed my other co - workers walking behind him weirdly. Well word got around that he shit his pants and the other co workers were walking behind him sniffing his pants having a laugh. I still don't know where we got these workers from.
-
!rant I made the mistake of consuming a root beer float too fast and ended up feeling nauseous.
But then I remembered there’s a stupid trick that sometimes works where sniffing rubbing alcohol can sidetrack your system to prevent nausea so sniffed the heck out of an alcohol wipe.
Successfully avoided puking. Great success.4 -
Hmm I'm thinking of reverse engineering an old game client and trying to rebuild the backend server from scratch... In a different language..
Quite a big idea 😅 but it should be very educational! Anyone got some tips and or tricks for reverse engineering? Or some pitfalls I should avoid?4 -
Coding gameserver emulators. It's always fun to code for a game which you don't have to do any of the artistic side and all of the functionality side.
Also network packet sniffing and trying to figure out what each this is is pretty fun. Love it.2 -
Do you trust github/gitlab/bitbucket? If you self-host, do you trust your hosting? do you trust gitea? if you don't use gitea, do you trust git? do you trust the way you got your copy of git? do you trust your os, as it might have tampered with your git? did you read the code? do you trust your internet connection that might have changed some packets? do you trust your https implementation? did you examine the traffic? do you trust your traffic sniffing tool? if you use your own hardware, do you trust it? do you trust its CPU/bios? if it's risc-v, do you trust chinese vendors of your cpu? they might have put some backdoors there. do you trust your other hardware? okay, you have the money to make your own cpus. do you trust your employees? do you trust your silicon? do you trust the measuring equipment you used to check if your cpu is safe? do you trust the literature in the field? but did you verify it though? did you?
it's always who you trust. if you want to bake an apple pie from scratch, you must first create the universe.8 -
my sophomore year of highschool I went to a public hangout / study area after class was over and installed a raspberry pi above the ceiling tile. I ran a cord along the wall and into the ceiling to power the device. I ran a sniffing script over the next few weeks and collected all the user/pass data that went through in plaintext. You'd be surprised what goes unencrypted... ;)1
-
i've been using debian with xfce for 2 years, and i'm now planning to migrate to arch with xmonad for some freshness. i'm reluctantly peeking out of my comfort zone and sniffing like a cat, any tips appreciated.
-
New ad self-service portal too hard to integrate ssl and can't have users send their passwords in plaintext.
Setup apache proxy with ssl in same vpc to encrypt traffic to and from vpc.
All good as long as nobody is in my vpc sniffing traffic... -
Just bitched out the same customer service woman telling her I wish her and everyone like her would just die so I wouldn't have to waste another day recovering my own goddamn property i keep double paying for.
I'm sick of having to buy the same movies and games just so some butt sniffing pederast can have a pay check.
speaking of pederasts, table 2 just showed up. more assholes with potential copies in the same places. while two creepers i could also photograph sit behind me for some reason.
so sick of repetition.
and you fucking cunts wouldn't even need to be bothered with this if you hadnt stolen soooo much of my time without adequate recompense.
not that i'd of course agreed to this insanity.
but these people should have to suffer AND pay us.2 -
Ugh. Just found some really old script where I was using UA sniffing to change content. Super-restrictive CMS FTW.