mvassilev
Responsible
Undefeatable Hero
|
posted March 23, 2009 02:29 AM |
|
|
Epic win - tales of a guy from GameFAQs
"I rick roll my IT department.
Day 1:
In order to teach the newer folks to lock their computers when they walk away, I would simply change their homepage to rick-rolld.com and get a laugh when they return. Eventually this got stale because they kept forgetting to lock down their machines(sensitive data), so I started changing some of their icons to redirect to a rickroll.
Day 2:
The newbies whined to our pal who is responsible for maintaining classified systems, he's a pro at building his own apps and knows windows inside-out. He sends an email out to our whole department with images of movie characters(narnia, etc)with my face photoshopped onto them.
Day 3:
I came in the next morning and unplugged his Ethernet cable slightly, only enough to sever the connection...but it still appeared to be connected. He came in and realized what I had done, and retaliated by placing clear tape over the connectors at the ends of my own cable(were hard to get off). Rage.
Day 4:
He came in and saw someone else logged into his laptop, a coworker. He logged in with his account and all his data was gone. He figured out that I had swapped his laptop with another persons, and I arranged his desk so that nothing appeared suspicious. I moved his CD, security card, everything...to the new laptop. It was completely identical. He raged.
In order to avoid his wrath, before I left that day...I unplugged my network cable slightly, so that he could not remotely access it. I also locked my machine instead of logging off completely...so I would be able to tell if he went into it.
Day 5:
Nothing had been touched...all was quiet. I wondered if he had given up? I was extremely paranoid all day. We went to lunch like normal and were buddy buddy like always, nothing seemed menacing here.
Day 6: (today)
Oh ****, it happened. I logged in and got rick rolled by my browser popping up. I checked my homepage and saw that it was the same as always, nothing unusual. I logged in later that day with another account, and it happened again. I found a rick roll link in:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
so it would popup whenever I or anyone tries to log into the computer. >=(
Two of my coworkers thought it was hilarious, so I moved the file onto their computers into that same location, but they haven't realized yet. They will tomorrow morning when they login.
I tried to pass it onto my opponents machine, but got an error message about not having rights to do that. The bastard changed his security policy so that noone could remote into his machine. RAGE.
I did the same, so that noone could remote in. So now we were even in terms of network protection. If either of us wants to mess with the others machine, we would have to do it physically at the persons computer. It's more obvious though, as we can view the logs or see the profiles on the machine. It would need to be done stealthily.
Day 7: (tomorrow)
So here we are. My idea for tomorrow morning...
1. Log into his computer with an administrative domain account.
2. Disable his event viewer service to stop the logging of activity.
3. Delete the secEvent.evt log which contains evidence of me logging in.
4. Place a rick-roll mp3 into the all users profile, startup, so that it will play whenever he logs in. (but that's a decoy)
5. I will have also placed a script in his main profile, startup, and make it invisible so he can't see it. He won't suspect it to be in such an obvious place. The script basically displays the rick astley lyrics on his screen with a countdown(30 minutes or 1 hour) until his computer reboots.
6. I will go in and configure his system to hide the name of the last person who logged in:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System
Create a new DWORD value named DontDisplayLastUsername
Set it to 1
or
At the Run command line type secpol.msc to open the Local Security Settings. Then open Local Policies\Security Options and enable the policy named Interactive Logon: Do Not Display Last User Name. Congrats you have just made the hackers job a bit harder.
7. If all goes well and I'm successful, I will make his computer accessible from a remote computer again, and delete my profiles off it to hide the evidence(from my own computer). This will not be logged as his event viewer service is still turned off.
So if I'm correct, he will have no way of finding my presense on the computer, though he will suspect that it was me. Only ways he could discover me, are firewall logs and whatnot..."
"My boss knows about it, but he doesn't really care since we aren't doing anything disastrous. In fact, my boss was accidentally rick rolled during our pranks.
Sometime around the start of all this, I had sent a coworker(one whom usually conspires with my enemy) an email containing a link to "special leaked footage of Ironman 2." He's a huge ironman/superhero fanatic. The link was actually a rick roll, but he didn't fall for it. He figured out what I was doing and forwarded the email to everyone in the department saying, "lol look what he tried to do."
Of course, many people that got the email saw the "leaked ironman 2 footage" part and quickly clicked on the link without reading his portion of the email. Sadly to say, he got a lot of people rick rolled on accident...including the boss.
My boss was just, "Hey, ironman. Cool. ...huh, what the heck?"..."
"Today I had heard him talking about putting encryption on his machine, so he may have done that before he left in an attempt to keep me from getting to windows. Luckily I know the admin password for the company encryption software, so it shouldn't be an issue unless he can somehow change that.
I've been thinking about ways to keep him off my machine. I'm wondering if I might be able to block all their user accounts by adding them to a unique group on my computer. Will have to research this. I've already put a measure in place to keep them from remotely accessing the computer, if I can prevent them from logging in with their accounts...then all I need to do is change my admin account/password. 
At that point he'll have to crack my admin account or change the password in order to access my computer. To do that, he'll need to be able to run the software locally on my machine...so I should probably disable the USB/CD drive tomorrow if I manage this.
I guess if I do that, though, I'll need to put a password on my BIOS, or else he'll get clever and reenable them.
At that point the only way in, would have to be some insanely advanced technique which I don't know about, or he'll have to pull the hard drive from my computer and access it by hooking it up to his own computer. I should stick some string or something in the panel on the side of my computer so I will know if he messed around in there.
Oh ****, I just thought of something even better.
After all is said and done, before I delete my profiles off the machine, I will add a shutdown script to windows. I'll go into his policy setting and add a shutdown script which will add the rick roll mp3 back to the same location even if he deletes it.
In other words, everytime he shuts off his computer...the rick roll mp3 will be added right back on.
XDDDD Oh god, I won't be able to sleep now..."
"So I got in around 5AM and immediately checked his machine...he had network access and his computer was locked, so I rebooted it and checked to see if there was encryption. Much to my surprise, there was none. Good so far.
I tried to log into his machine with my company smart card account. It denied me. I tried two other accounts and they denied me access as well. The bastard had went into his security policies and told it not to let me logon locally with any of my accounts.
I figured he would have changed the local admin password, but he didn't...so I got in with that. I brought a WinInternals CD in the event that I would have to change the password, but it was unnecessary in the end.
I logged into the administrator account and found a "<myname> is denied" group with all my accounts in it. That ass. I removed only my one account that I had planned to use for the prank. I also went into the group policy editor and removed myself from "cannot login locally."
I disabled event viewer and restarted the computer, then deleted the log files once I was back in.
I placed a Rick roll mp3 into the all users startup folder, tested it, and it worked fine. It causes the rick roll to play whenever someone signs in.
I took a script that I had written that causes the rick roll song lyrics to appear on screen, and to countdown for 30 minutes before rebooting the computer. I placed this in his main profile, so that it will run ONLY when HE logs in. XD I also made it a hidden file, so he won't be able to see it without configuring windows to display hidden files(I turned this off). He'll think the song(in All users profile) was my true goal...but that is just a decoy.
I also went so far as to add the shutdown script that will run whenever he shuts his computer down. It readds the Rick roll mp3 if he deletes it.
I changed the local security policy in secpol.msc to not show the last person who logged into his computer. So my account will not be visible when he goes to login.
Once I was pleased, I removed my account from the "cannot login remotely" security policy. From my own computer, I remoted into his and deleted my profile off his machine to remove evidence of my being there. He now has no evidence that I was there.
He usually comes in at 9AM, but I found out later that he took the day off.
He will be in tomorrow, I am certain of it. I placed a note on his desk that says,
"Rick rolls are free."..."
"So he came in a bit late today, around 10AM. I had to go to a lame meeting in a few minutes, so I didn't get to stick around and watch. He sat down and noted that his computer wasn't locked anymore and saw the note I put above his machine. He logged in and got rick rolled by the mp3.
We had some guys from other buildings there too, as they were going to the same meeting I was. He immediately asked if I went in through his administrator account, and I lied. He knew I was lying and eyed me. I told him to prove that I messed with his machine.
His eyebrow went up and he half-grinned, then gave me that "Oh yeah?" stab. He went into event viewer and tried to open his security log, but bam...an error. He tried his application and system logs...nothing. He couldn't get them to open at all. He stared in confusion.
He couldn't find my accounts on his machine, and he peeked at his group policy settings and commented that my accounts were no longer blocked on there. I loled.
He deleted the rick roll mp3 and basically said, "is that it? I was expecting more." I learned over and took note that he was only logged in with his company domain account. Not an administrative account, which is where I placed my shutdown script.
He went the rest of the day thinking I did nothing else, but we all know that once he shuts his computer down then that rick roll mp3 will just get placed back where it was, and he will be in for a surprise when he logs into his other account on monday.
Before leaving today, I made sure he was completely blocked on my system...remotely and locally(he can't log into it). I changed the administrator account name and password, then shut off my DVD drive and USB ports so he couldn't boot up a livecd or thumbdrive and wipe the admin password to gain access. I put a password on my BIOS so he couldn't reenable them without cracking the BIOS first or popping the CMOS battery. Lastly I once again removed my ethernet cable from the wall, but kept it partially in so that it appeared to be plugged into the network.
As I walked out the door, I dared him to **** my computer up. I saw his eyes light up.
My computer is now at work, alone, with him...until monday. God help me.
Oh, I should note that the mouse and keyboard are USB. So they will stop working. If he boots my computer, he will find that the input devices aren't functioning. "
Another guy's suggestions:
"TC, I HAS IDEAZ:
-Automate your work!
1. Write everything you want to do into an executable.
2. Put that executable, along with any other files it might need to run, onto a USB flash drive.
3. Set the autorun.ini file in the root directory to point to that executable.
4. When he's away from his computer for a few minutes (less time than he thinks you can PWN his computer) sneak over, plug in the flash drive, autorun, and escape.
It shouldn't take less than 30 seconds, especially if you go in early and set his computer to automatically select your executable to autorun when you insert the drive, as opposed to giving that "What do you want to do?" popup.
Once that's done, you could do a great many things to confound him, the least of which would be to reroute his desktop shortcuts to RickRoll intermittently throughout the day. Think of how frustrated he'll get, when his computer is rePWNed in spite of his epic security. You could incorporate a timer mechanism so he doesn't notice it always happens when he leaves his computer.
Also, you could use this to systematically compromise all of your coworkers' computers to make them easier to access (and maybe use against your rival in some way.)
And if all else fails, Google-search for "Last-Measure Operating System." It is the ultimate cyberpranking tool. Use it wisely."
____________
Eccentric Opinion
|
|
(and take them home obviously)
