Reminiscing about pwning

Long work weekend, it always is. But I baked cookies in between fixing servers!

Relevant XKCD reminded me of a funny I did several years ago.

https://xkcd.com/341/

Back around 2007-2010, I did a lot of testing for the XS Schoolserver for the OLPC XOs. I usually didn’t bother with wifi encryption since I was constantly reflashing XOs and that was annoying to reconnect clients. And who would get on my stupid schoolserver wifi anyway?  It would have been either Fedora 7 or 9, ancient.  This was a separate network from my home network, of course.

Well, one day I noticed network blinkenlights flashing like crazy, “Hmm, what is this traffic.” Remember, I was a wee baby sysadmin back then. The XS schoolserver shipped with Squid, so I started live tailing the log to see what was going on.

Someone in my neighborhood got on my XS wifi and he’s checking Facebook, he’s wishing his Grandma a happy birthday, OK, all right. He’s going to eBay, that’s fine. Then… OMG PORN! So, I pulled the Facebook ID out of the URLs in the squid log and found his FB profile with his real name. Let’s call him Kevin Doe. Again, this is many years ago, I don’t know if you can do that with FB URLs now. Hopefully not.

Remember, I was a baby admin back then and not sure about iptables rules, not to mention many other things. I still don’t know much about iptables other than it’s annoying to have to handcraft them and I try to avoid that.

I was irritated at him taking advantage of my “free wifi” and set up a very basic html page. It was something like:


KEVIN DOE

STOP USING MY NETWORK FOR PORN


I put that as the index.html page in the Apache docroot. If anyone went to my webserver, they’d see that. Again, baby admin. I’m just messing with things, learning.

But *he* needed to see that page I created for him.  After some research, the easiest thing was to temporarily set up an iptables rule to redirect all web traffic to 127.0.0.1:80

That dude dropped off my network so fast, it was hilarious.

Can you imagine if you thought you were on a clueless neighbor’s open wifi network, looking at porn, and then they called you out by name?  How humiliating is that?

That’s my sickest sysadmin burn ever, not sure if I’ll ever top it. And I’m so proud I managed that as a relative n00b.

Leave a Reply