Being both curious and observant, I enjoy picking and prodding to understand how things work. In terms of computers, that has always been a fascination with how software, services, protocols and clients work, leading me to inspect that element, whois that server, capture that packet and tamper with that data. Never with any malicious intent, and always in the spirit of white hat hacking. Below are a few holes I identified and reported. They’re all entry-level stuff, and the majority are automations of manual hacks I discovered.
At Lincoln, to print, request, reserve or take out books you require a four-digit PIN. Most of this service is online, where a client submits a username, a PIN and a cookie. I found early on that the cookie allows a limited number of attempts, yet the number of cookies you can request is infinite. Using this method I also observed that I was not locked out of my account after ‘n’ attempts. During a paid summer project I was introduced to Python; its string-parsing abilities made it perfect for automating HTTP cookie requests and the submission of PIN attempts. This method is slow, taking around 0.2 seconds per attempt (on a modest internet connection), though in bash I have demonstrated its serial capabilities to greatly boost speed. The app has actually become remarkably useful in my last office, where temporary researchers needed to know their PINs to print. And yes, the university IT were made aware of this over a year ago.
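The weakness described above is a rate limit keyed on the wrong thing: the attempt counter lives in a cookie the attacker can re-issue at will, and nothing counts failures against the account. The simulation below is an added example written for this page, not the library system or the author's script; the server classes, PIN values and attacker loop are all constructed. It puts a cookie-keyed limiter (WeakServer) next to an account-keyed one (HardenedServer) and runs the same brute-force loop against both.

```python
"""Added example (not from the original post): a per-cookie attempt limit
does not stop PIN brute force when cookies are free to re-issue.

Both servers below are constructed simulations with in-memory state.
  WeakServer     - attempt counter is stored per session cookie; a fresh
                   cookie resets it and the account never locks.
  HardenedServer - failures are also counted per account, so re-issuing
                   cookies does not help and the account locks after
                   MAX_ATTEMPTS consecutive failures.
"""
import hmac
import secrets

MAX_ATTEMPTS = 3       # attempts allowed per cookie (and per account, hardened)
PIN_SPACE = 10_000     # four-digit PIN: 0000..9999


class WeakServer:
    def __init__(self, pins):
        self._pins = pins          # username -> PIN (constructed test data)
        self._sessions = {}        # cookie -> attempts used on that cookie

    def new_cookie(self):
        """Anyone may request a new session cookie; nothing limits this."""
        cookie = secrets.token_hex(8)
        self._sessions[cookie] = 0
        return cookie

    def login(self, cookie, username, pin):
        used = self._sessions.get(cookie)
        if used is None or used >= MAX_ATTEMPTS:
            return "cookie_exhausted"
        self._sessions[cookie] = used + 1
        if hmac.compare_digest(self._pins.get(username, ""), pin):
            return "ok"
        return "bad_pin"


class HardenedServer(WeakServer):
    def __init__(self, pins):
        super().__init__(pins)
        self._failures = {}        # username -> consecutive failed attempts

    def login(self, cookie, username, pin):
        # The lock is keyed on the account, independent of which cookie is used.
        if self._failures.get(username, 0) >= MAX_ATTEMPTS:
            return "account_locked"
        result = super().login(cookie, username, pin)
        if result == "bad_pin":
            self._failures[username] = self._failures.get(username, 0) + 1
        elif result == "ok":
            self._failures.pop(username, None)
        return result


def brute_force(server, username, max_pin=PIN_SPACE):
    """Attacker loop: walk the PIN space, requesting a fresh cookie whenever
    the current one is used up. Returns (recovered_pin_or_None, attempts)."""
    cookie = server.new_cookie()
    attempts = 0
    for n in range(max_pin):
        pin = f"{n:04d}"
        result = server.login(cookie, username, pin)
        if result == "cookie_exhausted":
            cookie = server.new_cookie()          # the bypass: unlimited cookies
            result = server.login(cookie, username, pin)
        attempts += 1
        if result == "ok":
            return pin, attempts
        if result == "account_locked":
            return None, attempts
    return None, attempts


if __name__ == "__main__":
    pins = {"alice": "4217"}   # constructed account and PIN
    print("weak    :", brute_force(WeakServer(pins), "alice"))
    print("hardened:", brute_force(HardenedServer(pins), "alice"))
```

Against WeakServer the loop recovers the PIN after 4218 guesses, having requested a new cookie every three attempts; against HardenedServer the account locks on the fourth attempt regardless of how many cookies were issued. The fix is to count failures per account (or per account and source address) on the server side, never in state the client controls.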
Within most Microsoft Outlook SMTP servers is a list of all clients known as the GAL (Global Address List). Lincoln is no different, and allowed internal clients to query the database with a user’s real name and get their email. Given this, curiosity pushed me to locate said file / DB: rather than having a small list of all the clients called ‘Mark’, could I have the whole list? Written in C++, the program parsed the data, creating an XML of the entire user tree. Since the information obtained was accessible to any Lincoln user, this was automation rather than hacking, though Lincoln IT were again informed.