Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
-
!rant
I was in a hostel in my high school days.. I was studying commerce back then. Hostel days were the first time I ever used Wi-Fi. But it sucked big time. I'm barely got 5-10Kbps. It was mainly due to overcrowding and download accelerators.
So, I decided to do something about it. After doing some research, I discovered NetCut. And it did help me for my purposes to some extent. But it wasn't enough. I soon discovered that my floor shared the bandwidth with another floor in the hostel, and the only way I could get the 1Mbps was to go to that floor and use NetCut. That was riskier and I was lazy enough to convince myself look for a better solution rather than go to that floor every time I wanted to download something.
My hostel used Netgear's routers back then. I decided to find some way to get into those. I tried the default "admin" and "password", but my hostel's network admin knew better than that. I didn't give up. After searching all night (literally) about how to get into that router, I stumbled upon a blog that gave a brief info about "telnetenable" utility which could be used to access the router from command line. At that time, I knew nothing about telnet or command line. In the beginning I just couldn't get it to work. Then I figured I had to enable telnet from Windows settings. I did that and got a step further. I was now able to get into the router's shell by using default superuser login. But I didn’t know how to get the web access credentials from there. After googling some and a bit of trial and error, I got comfortable using cd, ls and cat commands. I hoped that some file in the router would have the web access credentials stored in cleartext. I spent the next hour just using cat to read every file. Luckily, I stumbled upon NVRAM which is used to store all config details of router. I went through all the output from cat (it was a lot of output) and discovered http_user and http_passwd. I tried that in the web interface and when it worked, my happiness knew no bounds. I literally ran across the floor screaming and shouting.
I knew nothing about hiding my tracks and soon my hostel’s admin found out I was tampering with the router's settings. But I was more than happy to share my discovery with him.
This experience planted a seed inside me and I went on to become the admin next year and eventually switch careers.
So that’s the story of how I met bash.
Thanks for reading!10 -
Turning 18+ is like getting super user privileges!
Once a adult no more "permission denied" errors!
8 -
Client: We are tired of having to go only to specific users to get things actioned, we need everyone to be given admin access so that we can get work done efficiently
Dev: Highly do not recommend that *outlines the likely consequences*.
Client: We don’t care, we DEMAND you do this. We’ll make sure everyone is careful.
Dev: Ok but I warned you. Please submit this request in writing.
Client: Ok, not sure why you would need that. I told you everything would be fine.
*Not even two days later*
Client: HELP!!! OUR DATA IS NOW COMPLETELY MESSED UP. WE HAVE NO IDEA WHAT WOULD HAVE CAUSED THIS IT’S AS IF EVERYONE IS RANDOMLY DOING WHATEVER THEY WANT HOWEVER THEY WANT IN ORDER TO SUITE THEIR OWN NEEDS. IT MAKES NO SENSE HOW THIS HAS OCCURRED. I TOLD EVERYONE SPECIFICALLY TO NOT CAUSE ISSUES!!! WE NEED THIS FIXED A.S.A.P!!!!!!
Dev: …6 -
Being a user, u watch your processor handle things...! 😪
Become a superuser 🤓
Processor watches you handle everything 😎7 -
Merry Christmas everyone.
I passed this day alone, in another country, away from family, friends and without anyone to hang out with.
On top of that my gf (she lives in my country) posted a video dancing with her ex.
So, enjoy your time with your family and friends, even they're not perfect they love you and care about you.
I m kinda sad right now, but I will fight this. I m gonna be alone and when the year change so i believe its time to strengthen my character.
Happy holidays boys n girls. 🙂4 -
Seriously, y'all shitting on CORS but why? literally, why? it protects you. If you need an external api, could you please be fucking bothered to setup redirects, so it's /api and not fucking https://amazon23984723984723984.aws239847329847230948.spyware/...? duh
people who allow cors from "*" are the same people who always do everything with superuser rights. you're the reason why I always got offers23 -
android studio is TERRIBLE. why cant they just make a fucking good linux installer? they're a fucking half trillion dollars company and can't get their shit together. its terribly unprofessional, and makes vim look like a god. maybe not all of us has have access to nasa's supercomputer and don't have a month for it to start.
here's a story about the installation of android studio on a (fairly high-end) chromebook running gallium:
I went to the website, which by the way could tell I was on linux but still automatically showed me the windows instructions, and downloaded android studio, 1.2 gb for fucks sake! I have a 16 gb hard drive! then it installed, and I closed it, because I was gonna use it later. I had a problem with it the first time, so I reinstalled, and halfway through the installation, IT DECIDED IT NEEDED SUPERUSER PRIVELEGES. fuck that. I restarted the installer, with sudo, and it took about switch as long this time. then, it made me redownload the sdk and all that other bloatware EVEN THOUGH THEY WERE INSTALLED IN SEPARATE FOLDERS AND ALREADY DOWNLOADED. jesus christ, google.3 -
I need someone who knows how to use 'ssh', to help me make a mockery for my game.
Just need to ask a few questions20 -
Pentesting for undisclosed company. Let's call them X as to not get us into trouble.
We are students and are doing our first pentest at an actual company instead of assignments at school. So we're very anxious. But today was a good day.
We found some servers with open ports so we checked a few of them out. I had a set of them with a bunch of open ports like ftp and... 8080. Time to check this out.
"please install flash player"... Security risk 1 found!
System seemed to be some monitoring system. Trying to log in using admin admin... Fucking works. Group loses it cause the company was being all high and mighty about being secure af. Other shit is pretty tight though.
Able to see logs, change password, add new superuser, do some searches for USERS_LOGGEDIN_TODAY! I shit you not, the system even had SUGGESTIONS for usernames to search for. One of which had something to do with sftp and auth keys. Unfortunatly every search gave a SQL syntax error. Used sniffing tools to maybe intercept message so we could do some queries of our own but nothing. Query is probably not issued from the local machine.
Tried to decompile the flash file but no luck. Only for some weird lines and a few function names I presume. But decompressing it and opening it in a text editor allowed me to see and search text. No GET or POST found. No SQL queries or name checks or anything we could think of.
That's all I could do for today. So we'll have to think of stuff for next week. We've already planned xss so maybe we can do that on this server as well.
We also found some older network printers with open telnet. Servers with a specific SQL variant with a potential exploit to execute terminal commands and some ftp and smb servers we need to check out next week.
Hella excited about this!
If you guys have any suggestions let us know. We are utter noobs when it comes to this.6 -
I love working on legacy products. You just need a good shower and possibly a therapist after.
- Sensitive data sent over the internet encrypted with DES (not even 3DES). Guess it doesn't matter that the key (singular, for the last decade) is basically 0123456789ABCDEF.
- Client databases with open default port, admin/admin superuser.
- Critical applications (potential for substantial property damage, maybe loss of life) with a single point of failure and without backup.
Suggestions, to slow down a bit with sales, so we have time to rewrite this steaming pile of crap are met with the excuse: be more pragmatist, this is standard industry practice.
Some of this shit can be fixed on my own time if my conscience nags too much, but others would require significant investment of time from multiple developers, which would slow down new business.
Guess the pay is ok, so that's something... -
!rant
Something I needed without even knowing, but finally realized today:
alias ls='ls --group-directories-first'
(mac-fags will need to brew coreutils and alias to gls instead)
All credits to that random guy on superuser (stackexchange). Make directories great again! 😇 -
I'm in vacation in portugal and in the apartment the WLan has the default ssid. So i tried to login with the default credentials into the web panel. It worked... Now i have superuser access and can change everything i want...4
-
Me teaching my SO some coding:
"Oops permission error. Run the same command but start with `sudo`."
"What does `sudo` mean?"
"Super user"
"what about the -do?"
* confused pikachu face *2 -
Hey guys, I need to implement a scripting ability on an app but with a tiny language that we build.
But I have no idea where to start and I got pretty confused after a google search.
Any ideas? -
What OS do you use at work?
Are you local admin of your work computer?
If no, how are local admin rights managed?
Do you think that giving local admin rights to devs is a good idea?14 -
Searching for a solution to an issue related to FFMPEG and all the Stackoverflow related questions have 1 or 2 answers that are completely miles away from solving the issue. Superuser, not helping also.
I am going back to the farm for sure.2 -
Passwordless Unix login leading to a console menu. You can then FTP in for free and remove ~/.login . Boom ! Shell access! And I already had a superuser access from another "dialog" asking to confirm a dangerous action with the superuser's password. Boom! Root access !!
-
So, some data need to be prepared during the summer and the diverse departments' elected data processors got shared in a Google spreadsheet they will need to fill with some basic data IT needs. Simple, straightforward data entry, with nothing private nor confidential. Just another divide-and-conquer-style large amount of data to enter & organise, that's all.
Today, I received a new comment notification as the owner of the spreadsheet. You can imagine my surprise when I saw that, for some f*cked up reasons, one of the guys just wrote the super-admin username & pw for one of the main data systems we use in a freaking comment in the spreadsheet... WTF...
Oh, and also, juuust in case, he also wrote the pin code that is normally required to pass through the device-check when you log-in as a super-admin from an unknown device and/or location.
Fortunately I could catch it on time, but this just ruined half of my day.
I am supposedly on freaking annual leave. Ha Ha. Ha.
Top Tags
Weekly Rant
View