n3m0 inserted the power cord again and started the machine. He placed his CD in the tray and made sure the server booted from it. The boot process seemed to take forever. He jumped when a tape robot came alive behind him and started rotating tapes.
“Damn”, n3m0 screamed. If he was lucky, and the sysadmins sloppy, they might not notice that the server had “crashed” during the night, but if the backup failed someone would check it out. I have to get the server back up again.
Finally the system was done loading. He configured the network, opened up a command prompt and typed:
c:
cd temp
md temp
cd temp
copy c:\windows\system32\cmd.exe
He opened the Opera browser and downloaded srvany.exe, which he placed in the C:\temp directory. n3m0 grabbed another tool and double-clicked on the application, RegistryEditorPe. When the registry loaded, he browsed to the HKLM\_REMOTE_SYSTEM\ControlSet001\Services key. He added a new key and called it revenge. Under his revenge service he filled in Type, Start, ErrorControl, ObjectName and ImagePath. This will be perfect, n3m0 was humming to himself as he added a new key: Parameters.
Under it he created two entries: Application with the value ‘C:\temp\cmd.exe’ and AppParameters with the value ‘/k dsadd user “cn=root,cn=users,dc=exibice,dc=com” -samid root -pwd Password13 -memberof “cn=Domain Admins,cn=users,dc=exibice,dc=com”’.
n3m0 closed the registry editor and clicked start, shutdown options, reboot (eject CDs). Again the boot process took an eternity. He wished he had a blue pill to feed the server. When Windows was done booting, n3m0 issued the three finger salute, and entered root and password Password13. The instant he hit enter he was presented with a message box.
Logon Message
The system could not log you on. Make sure your User name and domain are correct, then type your password again. Letters in passwords must be typed using the correct case.
n3m0 just stared at the message box, this is not happening. He knew he had typed it in right, but tried again anyway. The same message was returned.
Something inside n3m0 clicked and he started swearing and shouting at the server. After a few minutes he calmed down, he was sitting on the switch again talking to the server.
“You know, I wish someone would develop artificial intelligence. That way you’d understand how much I hate you.”
In his imagination the server answered him. “I might be slow, but you’re not the sharpest tool in the box either.”
Slow, of course. n3m0 pulled the power cord and booted from the CD again. He added a parameter to his revenge service: DependOnService with the value dns netlogon.
After another long reboot n3m0 logged on as root, the newly created domain administrator on the Exibice network.
0wned!
Subnet says
Keep it coming, great stuff!