I woke up very early after a night of heavy
boozing with some
females we met
at the
bar . I felt horrible but ready to work a double shift
hungover.
I'll never drink again I told this
stranger as she was getting ready to leave. We said goodbye, as she was leaving I recalled I never got her
name, or if I did, I forgot it.
I showed up at work, not remembering I was scheduled for the night shift so I went home, usually on
Tuesday I work both. Oh well. Can't go back to sleep so I decided to read some
nodes.
After reading
I must hack and the
cracking nodes I realized it had been a while
I had committed a
crime on the
computer. I decided to get
root on a
random foreign university server just to see if I still had it. Twenty minutes later I'm in. I gained
access via an *old* phf.cgi bug. I could
execute remote commands via an
URL string. 'id' showed me as user
nobody. The site had X running so
with xhost +server.name i executed an xterm -display my.box:0 and succesfully
had a working
shell to play with and not mess with those damn URL strings
and % format characters, what a
pain. After
exploiting an old
bug in
Oracle,
I had a working
.rhosts a la
root. Game over. I patched the phf.cgi and deleted
the .rhosts and logged off after erasing my presence from utmp* and wtmp*.
All systems
crackers should have a catch and release policy if you ask me.