Hacker News new | past | comments | ask | show | jobs | submit login

My highschool (well, homeschool resource center) IT admin couldn't log into one of the macs in the A/V lab one day; I heard him talking about it, and being on good terms with him, I offered to try and hack in. I literally googled "how to hack macos password", chanced upon an `nidump` vulnerability recent enough that it hadn't been patched, used that to dump the password hash file, fed that to JTR (compiled on that same machine, to add insult to injury), and almost instantly ended up with the admin password for the entire domain: 1337

It turned out that someone hadn't changed the password, he had just mistyped it over and over again. At the time, I didn't know what "1337" meant, I just thought it was a weird number, and it wasn't until many years later that I suddenly burst into laughter, realizing the "elite" level of security in that lab.

Thanks for the good times, Ron! I'm really glad he just laughed and trusted me as I explored technology instead of freaking out when my portscanners started making the printer spew out a bunch of garbage.






Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: