I'm In Your Leenucks Box Changing Your Password

by Scrap

at http://blogs.ittoolbox.com/security/investigator/archives/im-in-your-leenucks-box-changing-your-password-17600

So I've been a professor at this 'little school' for a while now. I love my job. My classes contain students from all age groups. I have a few 17 year old high schoolers that are here because they are bored during the summer. I have a few seasoned folks that have IT experience. I also have a few people that are clearly here just for the three credit hours.

The classroom is set up in a 'lab' environment. Each student has a PC in front of them that netboots Linux from a central box located near my desk at the front of the classroom. This setup works great because the students come into the classroom every day, power on their PC, and they get the exact OS load and lesson they need for our session. Not to gloat, but I designed it this way and I'm the envy of a few other professors *cough* Windows instructors *cough*.

I have this one student that I'll call "Pima". Yes, that's an acronym.

Pima is one of the 17 year olds in the class and considers himself an uber-hax0r. He constantly interrupts me during my lessons trying to make valid points that are somewhere between "WHAT?" and "OMG YOU ARE NOT USING THE DEBIAN!". For those of you that listen to the podcasts and remember my story about training some folks over in another country and some dude put my kevlar vest over top his... well, let's say if we were in combat and this kid dropped his kevlar I think I'd dig a hole and bury it so he couldn't find it.

This kid has the attention span of me at a Hooters restaurant. He's always doing "something" on his PC during class. Most of the time he's constructing poorly written bash scripts and trying to download stuff from an internet connection that really doesn't exist. I didn't say he was bright did I? Right.

One day recently we had a special Saturday class that was very lab intensive. Right before the lunch break I informed everyone that I'd be going around to each PC and "breaking" something that they'd have to fix when they got back. Usually I do something silly like screw with their /etc/resolv.conf file, comment out some things in a service's configuration file, or some other type of fun.

During the lunch hour I wander around and start breaking stuff. I get to Pima's machine and I can't log in to the machine as root. My little uber-hax0r had changed the root password.

Note: All students have the root password to their workstations as part of their lesson.

Let's keep in mind that this kid is NOT the ripest banana in the bunch by a long shot. Let's think about this, shall we?

  1. The PC netboots to an image. Changing the root password is effective for the current 'session' only. I reboot the machine, I get a fresh load. Kapisch?
  2. SSH is running on all of these boxes. Did I mention that I authenticate using a certificate to all of these machines? I don't NEED the password.
  3. In /etc/passwd, there's this really cool user called (and I kid you not) "backdoor". Backdoor is authorized for 'su'.

Curiosity was killing me. I tried to log in as "backdoor" and sure enough it worked and I could issue commands as root. Duh. I wandered back to my instructor workstation and ssh'd to his box as root with no problems. I had a decision to make. Do I just reboot the machine and carry on? Or do I teach this kid a lesson? Oh yeah, he's getting a lesson.

I whipped out my microphone from my laptop bag and plugged it into my workstation. I recorded a few choice sound files and scp'd them to his workstation in a directory I made called "/tmp/.../lmao". I then made sure that 'sox' was installed on the workstation. It was. I ran back over to Pima's workstation and made sure that the speaker volume was turned to 75% on his speakers. Just to be a jerk I used my trusty pocketknife to pry the volume knob off of the speakers. There will be no adjusting these bad boys! The clock said that I had half an hour left before the students returned, so I quickly returned to breaking the rest of the students' workstations.

A half hour later it was show time. The students filed back into the classroom. Pima was five minutes late as usual. I instructed the class not to touch their keyboards until I gave them their instructions. After I prattled on for five minutes with the assignment I sat back down at my workstation and acted like I was busy. I noticed that Pima had a big grin on his face after he logged into his machine with his root password. The grin said "haha you didn't break MY stuff!". I brought up the xterm that was ssh'd into Pima's workstation and issued the following commands:

$ cd /tmp/.../lmao

$ play haha1.wav

At that moment a loud booming voice commanded its way from Pima's speakers:

YOU SHOULDNT HAVE CHANGED MY ROOT PASSWORD BOY!

There was dead silence in the room. Pima jumped back about half a foot from his PC. Laughter ensued. I glanced up from my screen and glared at Pima.

"Is there a problem? You should be working on your assignment and not goofing around."

Pima squeaked out a "It wasn't MEEEEE!"

I glanced back down at my screen and waited another few minutes. I then issued this:

$ play haha2.wav

The class was treated to a very high-pitched chipmunk version of "MY HUMPS! MY HUMPS! MY ITTY BITTY HUMPS!" At this point the class was dying in laughter. I continued with my straight man act.

"Pima, if you interrupt this class one more time I'm walking you out. Have some respect."

He sat there and didn't say A WORD. A few more minutes go by and Pima is typing like a mad man on his keyboard trying to figure out what the heck is going on. It was now time for "Le Finale Grande".

$ play haha3.wav

Pima's speakers blared the following in my own God-like voice:

"ATTENTION CLASS. THIS IS WHAT HAPPENS WHEN YOU DONT PAY ATTENTION TO THE INSTRUCTOR, CHANGE YOUR ROOT PASSWORD AND COMPLETELY DISREGARD YOUR ASSIGNED WORK. THAT IS ALL."

At that moment Pima figured it out and was treated to his classmates (and me) laughing hysterically at him. He stood up, put his arms up in the air and proclaimed "YOU GOT ME. YOU GOT ME. OKAY."

Pima has been a perfect gentleman since. He even shows up to class five minutes early every day.
