Early March. For me personally, not the most pleasant time of the year. There is a damp smell in the air, and your shoes fill with water the moment you step onto loose wet snow. Multicolored pet waste, yellow-orange cigarette butts, plastic bags and other garbage show through the snow. At 9 a.m. it is not so noticeable, and I was quietly glad that I would spend the lunch break in the office. I walked to work half asleep, thinking about the task of optimizing the script.
Today I arrived at work before my colleagues. There were about 20 minutes left before they came in, and I wanted to have some fun before the working day. I had found something interesting in my YouTube subscriptions, so I decided to find the network directory where we usually share files. Having opened Explorer, I moved the mouse pointer to the address bar and clicked. The cursor blinked warmly and invited me to enter the directory address. Lost in thought and staring at the wall, I typed in random numbers and pressed Enter. Three seconds later the speakers clicked with the standard Windows folder-opening sound.
Looking at the monitor, I saw not the usual dump of files but several folders with names unfamiliar to me: “1CBase”, “Tax”, “Samples of documents”, “Keys of SONO”. Well, yes, of course: the IP was 192.0.2.10. This was definitely not our local dump at 192.168.1.101.
Looking around the office, I smiled wickedly. Thoughts flashed through my head and vanished:
- Man, you could make money on this;
- here it is, fame, coming unexpectedly;
- Fuck, where have I ended up.
Thinking it over, I realized that I had no idea how to profit from accounting data and 1C databases. Suppressing the vague inner fear, which first rose to my throat and then dropped sharply to my heels, I began to study the files. Indeed, it was the real computer of an accountant at the company IT-Wolfram Gold Kazakhstan, located in the city of Almaty. Salary calculations in xls files, employee statements in rtf, scanned documents in jpeg, access keys to personal taxpayer accounts: these were only the tip of the iceberg. After a little thought, I downloaded the file places.sqlite (the Mozilla Firefox browsing history) and studied it. I looked at the saved passwords and re-read the logs of the instant messengers. Cool, I felt like a detective. It seemed that I could manage the financial side of this company or, to put it bluntly, siphon off the cash.
But a respectable citizen of the Republic of Kazakhstan lived in me. Among the documents, in the file “My Resume.docx”, I found the accountant’s mobile phone number. She was a woman of 52. Ambitious, sociable and thirsty for new knowledge, with vast experience in various organizations. Having visited the operator’s website, I sent an SMS:
I have the tax keys and the databases. Will sell or delete. Skype: profixakep
Again I felt the shades of a detective.
A couple of minutes later a certain Talgat wrote to me on Skype. I understood that this was my case. A colleague came in; I greeted him and pretended that I was already very busy with work. I wrote:
- Good day. I'm listening.
There was a pause of two minutes. I was answered:
- About the SMS ... Is there any evidence?
- Yes, keys to SONO, the database, documents. I'm not an attacker, I'll just show the vulnerabilities.
He clearly did not want to answer. After I pressed the point that I had copied all the information to my hard disk and gained access to Internet banking, I received the answer:
- The computer is old, the databases are old, the info is not relevant.
Suddenly I wanted to forget all this and do some work. I blocked Talgat and removed him from the contact list. I used Skype with my real details, I hadn't downloaded anything to my hard drive, there was nothing to be afraid of, so I switched to work.
When I got home and went to read my VKontakte feed, I found a personal message from Talgat:
“I've been looking: you seem a nice guy, you're into robotics, and your site is useful. Why do you scare grandmothers? Our accountant panicked and called the boss. The boss said to file a statement with the authorities. I persuaded him not to and explained that you are just a wannabe ‘cool hacker’, and not even anonymous (!), and that you simply don't understand who you're getting involved with. You're lucky that I figured out what was going on. Others wouldn't have. They'd go to the police. Don't do that anymore! Do useful things.”
This message stung. I had pointed out a mistake, admitted that I had found it, and here you go: the police.
The conversation began:
Me: So I said that I was not an attacker. A disk partition is shared and visible to anyone.
Talgat: Not to anyone, but to users of the local network.
Me: Tell that to your boss. I didn't even use a scanner; I accidentally typed into the address bar an IP address from Kazakhtelecom's range. It's a pity Windows 7 has no telnet client, and I was too lazy to download PuTTY.
Talgat: Let me put it more simply. Nobody shared those files on purpose. Exploiting a vulnerability is like picking a bad lock. It does not give you a legal basis to break down the door and steal someone else's property. Right?
Me: I didn't share it. The files had public access via the SMB protocol. No authorization. Almost anyone on the Internet could get access. Someone else would have sold the information (and believe me, there are buyers) and your company would have suffered losses. And this is not a vulnerability. This is the clumsy hands of the system administrator.
Talgat: I spoke with the boss. There is nothing secret in the databases. Banking does not work without a card. There are no losses to incur. And about the clumsy hands, it seems I'm beginning to understand what the matter is ...
Me: Well, now we know what the matter is. It is better to configure the LAN and access to devices and partitions properly once.
Talgat: The IPs, the public network ... I didn't think everything was so neglected.
Me: Then let your boss pay me a bonus for a security audit.
Talgat: Our sysadmin is, in general, a network installer. And I'm on the project as a plain user.
Me: I need to write an article, otherwise I can't get an invite to Habr.
Talgat: I'll talk with the boss about the audit; I'll have to sort it out myself now. Thanks again!
I woke up when someone nudged my shoulder. Raising my head, I saw my director and realized that I had fallen asleep at my desk again after staying up late the night before. It's time to wrap up the optimization and take on the next tasks.