Tag Archives: SVCE

University Lab Fun (in)security

As an Ex Electrical Engineering Student, i didn’t have opportunities to take many computer science lab courses, as neither the course work nor the electives were flexible.

You know it right, its ANNA UNIVERSITY.

But,thanks to the IT boom, i had

  • Fundamentals of Computer Lab
  • Data Structures Lab
  • Objected Oriented Programming Lab
  • Communication Lab [English]
  • Power System Simulation Lab

Let me walk you through the fun stuffs which i/we had during these labs.

Fundamentals of Computer Lab:

As I was a Fresher,I stayed below the radar and didn’t try anything adventurous. So it typically went like normal lab sessions.

Data Structures Lab:

The lab was entirely based on C, so we were given an unique user id and password, which was merely our roll numbers [ee199 is mine], sadly there was no provision to change the default password. The user id-password was for mounting the user specific directories to the system, so that students could store their programmes on their respective shares. As I was a sophomore at that time, I limited myself to logging into other user’s account and deleting their programs, nothing other than that because i was a bit coward at that time, yeah you read it right i was coward at THAT TIME.

Objected Oriented Programming Lab:

We did C++ and Java, it was the third year and, I was peaking in presentations and coding competitions. The only difference between data structures lab and OOP lab setup was the GUI. We had access to the windows ME machine in OOP lab, whereas in the DSA(Data Structures and Algorith) lab we were given with DOS & Turbo C. The storage part was lamer than the previous lab, as the programs were saved in /bin/ of C drive, and guess what, the c Drives were Shared over the network, so i had to just browse down to a specific user’s bin directory [//system22/c/] and change his/her programs to some random shit, like displaying weird characters on the screen in different colors and running through a infinite loop.

However during the later part they [system admins], were smart enough to change the program storage/execution directory to a NFS, which used to get mounted at the time of logging in. But they were not smart enough to change the password of the server to anything other than “peccc5lab”, so my job became easier. start->run-> //cc5server/c$/eee would list all users’ directories starting from ee101 to ee230 where their programs are stored. Pwnd!

Communication Lab [English]:

It was the same laboratory as the OOP , the lamest lab which I had, it was something similar to the TOEFL exam, The questions used to be generated from a database, and the database file was luckily running from the cc5server which I mentioned above, so I was able to change the questions to anything I want.The funniest part was that, I could have even done the same for the university exams. The procedure was, to send the users database file to Anna University in which the marks were present according to the answers they provided. Before the University Exam, I had the opportunity to view the users.mdb file [//cc5server/c$/exam/users.mdb], surprisingly the marks were encrypted, i thought of copying the encrypted value of my class topper to mine, but what if the marks were encrypted with the roll number as key. So, if i had swapped my marks, it wouldn’t have been able to decipher it, and i would have got landed in a lot of trouble!, so I refrained from doing it.. I even tried to take a look at the .asp file which pulls the questions and reports the answer back, but time didn’t permit and the staffs walking around the lab was watching me as if i looked like a Alien.

Other than this, I used to cause havoc between students using net sent commands. It was a simple trick, As the c drives used to be shared, I used to change the autoexec.bat of system-y to something like

  • @echo off.
  • net send system-x hey as***le !
  • start c:elclient.exe

and change the shortcut link for EL client to open the autoexec,bat file. So when the user in system-y opens his EL client, System-x used to recieve a message displaying as***le! sent from system-y. So it was fun to see the users in system-x and system-y fight with each other.

Ps: EL client is the software in which we used to work, i hardly opened that software.

Power System Simulation Lab:

I have already blogged about this, you can check it here

Operating Systems Lab at SVCE:

Thanks to the Jump start 2 for bringing back the fun part again. This time it was OS lab and we were taught with basic linux commands like ls,chmod,cat,editors [vi] [for some reason the instructor never mentioned emacs, emacs FTW] ,and some pretty basic stuffs. It was easy for me, no i’m not blaming the instructor. they had to cover each and every student, and many of them did not have any idea on either Linux and computers or Rankine cycle, but they used to brag about that they were the mec*sterz ,meh. But she [ the instructor] did not ask me to close my terminal, in which I was teaching my friend about grep and pipe, Never mind. And in the exercise, each user was asked to create files on their home directory i.e exam01…. exam01 was the username given to 90% of the users on that session. Again it was a NFS [Network FIle System], as the files created by each user started appearing in every users’ home directory, some mothafucka created files with filenames that hurt my friend. So the evil inside BORIS stepped out to cook a bash script [evil.sh]

	for((; ; ) )
	rm /exam/exam01/*
	sleep 60

chmod a+x evil.sh

../evil.sh &

and the charming script was running in the background, which deleted every file users created to learn on that lab. I’m now guilty of making no one to use of the OS lab, I wouldn’t have done it, if the file names were not that rude.

Ps: If you are creating a lab environment for students, then better rely on NFS with different passwords or share less local system disk with limited user privileges.

Pps:Try these at your own risk

Thats it for now, I’m tired of typing from 6:30 pm, and now the time is 9:09pm & thanks to vignesh for editing this post

Good Bye,alvida!