Hacker News new | past | comments | ask | show | jobs | submit login

Our high school network ran on Novell NetWare, but I wasn't anywhere near smart enough to crack anything so I just wrote a little program in QBASIC that looked like the NetWare login prompt which rejected all login attempts but dumped what was entered into a text file, and left it running on one of the PCs in the computer room. It wasn't even a compiled program, it was just running inside QBASIC's IDE.

Yet it was running for three days before the admin got around to checking the machine, and all he did was try to log in, failed, and rebooted the machine — bringing it back to the real NetWare login screen. I got his password and pretty much everybody else's too, and to this day, more than 20 years later, I still use bits of his admin password from time to time when I'm creating temporary accounts.

This is exactly why some versions of Windows required you to press ctrl-alt-delete to open the login form. Programs aren't allowed to block Windows from receiving ctrl-alt-delete, so a fake login program would not be able to stay on the screen after the user pressed ctrl-alt-delete. (Of course this only works if the user knows to always hit ctrl-alt-delete when they go to login. If the user sees an already-open (fake) login screen and does not hit ctrl-alt-delete, then they're vulnerable.)

The new Windows 10 login screen doesn't seem to support anything running on it, all I've seen is a duo security prompt that A. Only showed up after a login and B. Doesn't work on Windows 10 in a non-rdp session on a Microsoft account[0]. Sadly this also means you can't run something like Wallpaper Engine on the lock screen[1].

0: https://duo.com/docs/rdp-faq#can-i-use-duo-with-a-microsoft-...?

1: https://steamcommunity.com/app/431960/discussions/0/15001264...

The specific threat that ctrl-alt-delete's supposed to mitigate is where a user's already logged in, but a program's running that mimics the login prompt. Since applications can't handle ctrl-alt-del in Windows, if you pressed it at a fake login prompt, you'd get the Windows Security dialog/screen rather than a login prompt and it would be obvious that something's wrong.

Its utility's limited these days since consumer configurations of Windows have users trained not to expect to have to press ctrl-alt-del to log in. I'm not sure that it's even enabled by default on domain-joined machines any more as of Windows 10 (still available via Group Policy, though).

I've noticed sometimes the lock screen won't show the login dialog via the regular "press any keyboard key" action or via mouse dragging it up, I had to press ctrl-alt-delete. Maybe there are some heuristics that decide this that I don't know about.

I think ctrl-alt-delete generates a hardware interrupt.

It is not a hardware interrupt in the sense that there's nothing special about this key combination to generate a specific interrupt. The only related interrupts are the keyboard interrupts that happen for every keyboard activity, which the BIOS interprets and takes actions like turning on a key LED and storing the actions in a memory buffer (this is all in "real mode" on x86 processors) before that goes further up to the application. Capturing the keyboard interrupt could allow one to intercept specific keystrokes (like Ctrl+Alt+Del) before the OS gets it, but that's not possible in the OSes the most people use today (which all run in "protected mode").

In real mode, the BIOS intercepts it. But it's still not a hardware interrupt; it just never gets to the OS.

Hah, I and a friend did a very similar thing with our school's NetWare. We managed to get ours to silently log the user in after collecting the credentials so it was mostly invisible. We created it to get the password from a particular guy, but in true dragnet style we installed it on as many machines as we could.

I have no idea how network drives were managed with NetWare, but some students always managed to find world writable dirs (that shouldn't be). Then it was a matter of finding some obscure subdirectory, create a new one (typically containing alt+255 characters) and stick games there. Fun times.

We did get his password (and many others), but never actually did anything with it.

I did the exact same thing, wrote the login faker in pascal.

Mine would print the "typo" error message, save credentials, and then log me out and show you the real login screen.

I managed to get the passwords of every student and teacher, but alas, I stored them in a file called hacked_passwords.txt , in my home directory. Got busted, and got a dozen saturday detentions.

You learned an important lesson about the importance of naming things.

This is fiendishly clever; you more than made up for a lack of technical skills by exploiting the wetware angle. Lovely little story :)

Reminded of my past experience and then remembered that already told that story:- https://news.ycombinator.com/item?id=17418559

I did exactly the same thing. Wrote to a file on my personal network share and then did this:

out &h64&hfe

Instareboot on a DOS machine.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact