Sysadmin tells user CSI-style password guessing never w– wait WTF?! It's 'PASSWORD1'!
Sysadmin hated making it look so easy, but didn't mind being a hero for saving a payroll run
On-Call Can you feel it? The weekend's just over the horizon, so it's time for On-Call, The Register's Friday column in which we share readers' tales of literally incredible jobs that produced improbable feats of sysadminnery.
This week, meet “Ron”, who told us he used to work for a government agency and sent us a story about how, on “One Friday evening I was leaving the office a little late when I noticed one of the HR staff still working and looking flustered.”
Ron's a lovely bloke so “I talked to her and she said she was trying to get the monthly payroll run done but there was some technical problem.”
“Since this was a matter of all the agency's staff getting paid on time - and I was one of those staff - I allowed my altruism to win over my cynicism, took off my jacket and sat down to help.”
The problem was easy to diagnose. Ron quickly realised that the client certificate his colleague was using to access a remote payroll application had expired. Ron explained a new certificate had probably been sent. If they could find it, they'd be home free.
The HR person duly rummaged through her desk and found a CD-ROM she had received in the post. Said CD contained the new certificate, but Ron quickly found it was password-protected.
“We were now firmly into The Weekend and there would be no-one available from the payroll app's suppliers to assist until Monday,” Ron related to The Register. So he and his colleague looked for the password on the surface of the CD, the envelope it came in, a letter in the HR person's drawer … anywhere, really.
As the minutes ticked by and the search seemed likely to end badly, Ron “tried to gently break it to her that this was game over.” Without the password there was no chance to get the new certificate and without the certificate nobody would get paid on time.
The HR person wasn't keen on that outcome. She made it plain to Ron that she was “reluctant to accept this status quo and asked if I could crack the password?”
Ron told us he “tried to keep the mood light” by saying “Real life doesn't work that way. If this was a movie I would just think for a moment or two, and then guess the password.”
At which point Ron theatrically inserted the CD-ROM, waited for the password dialog to appear and typed “PASSWORD1”.
And much to his surprise, “PASSWORD1” was indeed the password.
“Two minutes later the payroll app was fixed and ready to go.”
“My emotions were very mixed about this,” Ron told us. “On the one hand, I was the hero who saved the payroll. But I am still upset that what I had intended as a light-hearted demonstration of how unrealistic movie-hacking is backfired so spectacularly.”
Have you ever pulled a CSI move at work? If so, write to let me know and you might get a run in a future edition of On-Call. ®