On-Prem

Sysadmin cracked military PC’s security by reading the manual

All it took was a three-fingered salute and some autoexec.bat action


On-Call Welcome once more to On-Call, The Register’s attempt to make Fridays tolerable by bringing you fellow readers’ tales of terrifying tech support jobs they somehow survived.

This week, meet “Guy”, who told On-Call he grew up in the golden age of the microcomputer, meaning that by the time he joined his local Army National Guard unit he was familiar with machines like the TRS-80, Ti-99/4A, C-64 and Apple II.

One day National Guard HQ delivered a new PC to Guy’s unit. His prior experience meant he was given the job of making it work.

His problems started immediately because Guy’s superior “explained that the guys from HQ had set everything up, but had forgotten to give them the password to get into the system.”

The PC in question was a Zenith Data Systems 286 that Guy powered up after “throwing the big toggle switch on the side, waiting a while for a lovely green screen with a menu would pop up.”

Drug cops stopped techie's upgrade to question him for hours. About everything

READ MORE

Without a password, nothing else was possible at that point.

Guy figured there had to be a way around that impasse, so “looked at the system, tried variations of CTRL-C, CTRL-BREAK and CTRL-ALT-DEL. Nothing seemed to work. So, I asked for the manual, started looking through it, and started laughing.”

Why the chuckles? Because “Zenith Data Systems at the time had a lovely diagnostic set built into ROM. To access it, all you had to do was hit CTRL-ALT-INSERT instead of CTRL-ALT-DEL.”

And one of the diagnostic options available after CTRL-ALT-INSERT was “a boot to command prompt, bypassing the autoexec.bat file”.

Guy told us he “happily did the CTRL-ALT-INSERT, got to the command prompt, made a backup copy of the autoexec.bat file and wrote another .bat file to put everything back the way I'd found it, and removed the password bits from the autoexec.bat file.”

But Guy’s clever effort seemed to have been in vain, because just as he was finishing, a call came in from HQ with the password.

Guy’s boss “laughed and told them that one of his guard members was able to bypass the entire ‘security system’ and access the PC”.

Which was when Guy was told to “wait here” while a rather serious discussion started about his exploits.

“I'll admit to being a bit nervous about it, but figured I was asked to do it by an officer higher in rank than me, so I hadn't had a choice.”

Guy’s nervousness was the right reaction, because he was soon subjected to quite the grilling by his superiors.

His response was to “meekly raise my hand and say ‘I read the manual’.”

Which didn’t go down well, so Guy “pulled out the manual, opened it to the page on diagnostics, read the applicable section, then went through the steps.”

“Their jaws just dropped, speechless, staring. They'd been assured that no one could get past the security in the autoexec file since CTRL-C.”

Guy was then asked to restore the PC to its seemingly secure state and told not to say anything about his finding to anyone.

Several months later, folks from National Guard HQ returned, “opened the skin of the PC system and replaced a ROM chip”. And with that, Guy’s exploit became impossible.

“I found out later that I'd gotten a commendation for finding the vulnerability and reporting it,” Guy concluded.

On-Call assumes whoever signed off on the purchase got the opposite!

Have you cracked the surely-not-crackable? If so, click here to write to On-Call and perhaps we’ll feature your story here on a future Friday. ®

Send us news
214 Comments

Ad agency boss owned two Ferraris but wouldn't buy a real server

Resulting cycle of rushed repairs and recriminations did wonders for the IT/user relationship

What's brown and sticky and broke this PC?

Nothing, according to its user. But the techie who tried to fix it found a sweet solution

Job interview descended into sweary shouting match, candidate got the gig anyway

And soon learned he had won the argument

They call me 'Growler'. I don't like you. Let's discuss your pay cut

Tough guy act was flimsy: our readers fleeced him, then dropped him in it

Work for you? Again? After you lied about the job and stole my stuff? No thanks

Sometimes the best form of revenge is doing nothing – very politely

Dave's not here, man. But this mind-blowingly huge server just, like, <i>arrived</i>

Ganja believe it? The customer couldn't when their box went up in smoke

Please install that patch – but don't you dare actually run it

This is a fine approach if you want great uptime stats. Security? Not so much

Techie climbed a mountain only be told not to touch the kit on top

Twelve very cold hours and many miles after being told to ignore the power button, guess what happened?

Standards-obsessed boss ignored one, and suffered all night for his sin

When a rack sits on a metal plate, that’s so not an invitation to move it

Junior techie had leverage, but didn’t appreciate the gravity of the situation

Disrespect for physics saw the datacenter, and a career, come tumbling down

While we fire the boss, can you lock him out of the network?

And he would have got away with it, too, if it weren’t for this one tiny backdoor

Tech support done bad sure makes it hard to do tech support good

Read the manual, they said. If only they'd said it about the right manual