I created a small server, waited for my colleague to take a quick toilet break with his laptop unlocked. I only had a few minutes available so I quickly opened a terminal, installed the openssh server, curled to my laptop to download a small script that behaved almost like sudo, so that when invoked it would send the passphrase inserted to my server and returned a notice of incorrect password, tricking the user into thinking of a mispell, then I edited his .bash_profile adding an alias to sudo so that it would invoke my script once and then delete both the alias itself and the malicious sudo script.
When my colleague returned to his laptop, after a bit, I asked a newbie question "Could you tell me if sudo whoami works for you? I get a funny behavior on my machine..".
He took the bait, sent me his user passphrase, notice the apparent mispell, re-entered the passphrase and obtained the expected result.
I thanked him and planned a bit.. 🤓😈
I started ssh-ing on his machine, ejecting the cd tray every once in a while.
Then I shared the fun with the other colleagues so that they kept ejecting the cd tray randomly, even when I was not there.
After a few days he gave up and kept the tray open. 😆
I eventually told him the prank.
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
I created a small server, waited for my colleague to take a quick toilet break with his laptop unlocked. I only had a few minutes available so I quickly opened a terminal, installed the openssh server, curled to my laptop to download a small script that behaved almost like
sudo
, so that when invoked it would send the passphrase inserted to my server and returned a notice of incorrect password, tricking the user into thinking of a mispell, then I edited his .bash_profile adding an alias tosudo
so that it would invoke my script once and then delete both the alias itself and the malicious sudo script.When my colleague returned to his laptop, after a bit, I asked a newbie question "Could you tell me if
sudo whoami
works for you? I get a funny behavior on my machine..".He took the bait, sent me his user passphrase, notice the apparent mispell, re-entered the passphrase and obtained the expected result.
I thanked him and planned a bit.. 🤓😈
I started ssh-ing on his machine, ejecting the cd tray every once in a while.
Then I shared the fun with the other colleagues so that they kept ejecting the cd tray randomly, even when I was not there.
After a few days he gave up and kept the tray open. 😆
I eventually told him the prank.