229

I suspect a lot of people have difficulty recognizing that what they believe about the world may not be representative of how the world actually behaves. I certainly do, frequently.

Like with politics, people think they need to go vote and march and stuff to effect change, but if you're willing to accept the idea that there are limits to your ability to perceive the world and your perceptions are misleading, you can pretty reliably go and see that isn't true.

You can also decipher deeper realities like you can basically put whatever you want on flat bread, or that you dadskf;'akse'wfaegqrwt;'lj'a fuck my brain. I'm asd I'm not sure what I was trying to say.

you are viewing a single comment's thread
view the rest of the comments
[-] JoeByeThen@hexbear.net 80 points 1 year ago

I have a security background and it's largely all theater. Locks are just to keep out people who believe in them. All those badge swipes and things are about tracking access, not securing things. Matter of fact, most mag locks and electronic doors, by law, have to fail open for safety.

Learn to hack, learn to quadcopter.

[-] ReadFanon@hexbear.net 26 points 1 year ago

Learn to hack

And let's be honest here, even Fort Knox is only ever as secure as the people who operate it.

Generally speaking, an operation is only as secure as the people who function within it and these people tend to be the most vulnerable points in a chain of security.

What I'm trying to say here is that you don't have to be a good hacker to be a good penetration tester and one of the most fruitful areas for "hacking" is always going to be social engineering.

[-] JoeByeThen@hexbear.net 21 points 1 year ago

Calling people up and just asking for their passwords is a time honored tradition. stalin-approval

[-] sooper_dooper_roofer@hexbear.net 15 points 1 year ago

Hello yes this is ur bank calling

[-] bubbalu@hexbear.net 13 points 1 year ago

I always wanted to try being a pen tester because me and my friends used to like to sneak and I liked to schmooze. I would always be the one to distract the cashier or whoever.

[-] mayo_cider@hexbear.net 25 points 1 year ago

A little while ago our company wanted to get rid off local administrator rights, but as developers we kind of need those (like installing the software we develope and other unimportant things), so they installed some crappy software that wraps the user access control and I guess gives them more control over what can be run

It breaks every couple of weeks, but luckily you can use that same software to disable and bypass it by running the control panel as admin

[-] Blottergrass@hexbear.net 5 points 1 year ago* (last edited 1 year ago)

Every windows PC that has a USB port can be hacked into locally. Boot into windows install USB, open elevated command prompt, change the ease of access button's target location to be an admin command prompt instead of the ease of access settings, reboot, click the ease of access button, change the admin password in the admin command prompt, enter the password and you're in.

[-] NewLeaf@hexbear.net 15 points 1 year ago

Also, lockpicking is pretty easy, and a lockpicking kit is really cheap

[-] JoeByeThen@hexbear.net 16 points 1 year ago

Yeah, most commercial non-deadbolt locks are really fucking cheap. A lockpick gun will get you in most doors relatively quick. Most security, keypad, and fire boxes are all using one of a handful of keys. Same with the old crown vic police cars, actually. Also, golf carts.

[-] NewLeaf@hexbear.net 12 points 1 year ago

If you live in an apartment with coin operated laundry, you can buy a key for the coin box really cheap too.

[-] Azarova@hexbear.net 11 points 1 year ago

I've been so tempted to do this for years, but I'd be so afraid they'd notice the missing income and figure something was up.

[-] NewLeaf@hexbear.net 9 points 1 year ago* (last edited 1 year ago)

I would also recommend casing the joint real well too. There could be a camera. It could be thwarted with a well placed laundry basket though.

I lived in an apartment with laundry, and I found out that if you push the quarter "slider" in reeeeal slow, sometimes it would kick on and I could gank my quarters back

[-] GarbageShoot@hexbear.net 14 points 1 year ago

Matter of fact, most mag locks and electronic doors, by law, have to fail open for safety.

Does this mean that passing a strong-ish magnet over them would typically make them open?

[-] JoeByeThen@hexbear.net 20 points 1 year ago* (last edited 1 year ago)

Fail open means that fire code requires an unobstructed path of egress; You can't be locked in a building in an emergency. So mag locks are powered all the time in order to maintain the lock and then you remove power to open the door. This way if power goes out the door opens. In most major Corporate buildings, if you go into the fire panel room, you will find a relay that can simply be pulled out and will remove power to every maglock in the area. Or you can pull the fire alarm, cut the power, etc. Most big buildings also have a little lockbox aka a knoxbox outside their front door with a set of keys inside and some have a switch inside to kill the locks as well. They do have tamper switches though.

I can't remember using a magnet to neutralize a maglock, but I wanted to.๐Ÿ˜… It would have to be a big one and honestly it would be easier to just slap something with a bit of thickness on the maglock when the door is open to prevent it from getting a solid "seal'. It'll give the appearance of being locked, but a good yank will let the door open right up. Often you can also just slide a piece of paper on a coat hanger between double doors or under a door to trip the PIR (passive infrared) sensor used to auto-open for people exiting. It shouldn't work, but those PIR are cheap as hell and often very oversensitive.

[-] bubbalu@hexbear.net 9 points 1 year ago

You can also spray a condensed gas through a door with a PIR on the other side. Only really secure building I worked in was for one of those Billy Budd type people who were really good at some niche technical thing and just hired enough people to be able to focus on the part that they found fun. His shop was in a squat brick building with steel doors that you had to press a button on the inside to open. There were well built steel edges to the door so that a hangar or some other means of attack could not be slipped around.

[-] JoeByeThen@hexbear.net 9 points 1 year ago

You can also spray a condensed gas through a door with a PIR on the other side.

Yes! It wasn't consistent, but we were able to get that working with canned air a few times. Double doors worked best where you could get closer to the PIR above the doors. Holding the can upside down worked best, iirc.

[-] bubbalu@hexbear.net 4 points 1 year ago

Awesome to hear this actually working! I wonder if holding it upside down works best bc it grabs the coldest fraction of gas and causes the biggest temperature differential for the PIR?

[-] JoeByeThen@hexbear.net 3 points 1 year ago

That's my thinking. Most of the PIR aren't very impressive and they're just looking for that temperature change, it doesn't matter which direction. I actually wonder if maybe the paper trick works when it does because it moves the air flow from air conditioning around.

[-] 7bicycles@hexbear.net 13 points 1 year ago

Everything always fails at "guy who doesn't get paid enough to give a shit"

[-] Frank@hexbear.net 4 points 1 year ago

Who watches the watchmen themselves?

[-] TankieTanuki@hexbear.net 12 points 1 year ago* (last edited 1 year ago)

most mag locks and electronic doors, by law, have to fail open for safety

I used to work in a room at a place that violated this regulation. It was a laboratory, too. Those probably catch fire more often than office cubicles.

[-] JoeByeThen@hexbear.net 9 points 1 year ago

Lol yeah, that probably deserves a call to OSHA. Or in some libertarian place where that's not the fire code.

[-] TankieTanuki@hexbear.net 6 points 1 year ago

I seriously considered it at the time, but it was before I was radicalized and I was afraid of rocking the boat.

this post was submitted on 20 Oct 2023
229 points (100.0% liked)

chapotraphouse

13504 readers
1027 users here now

Banned? DM Wmill to appeal.

No anti-nautilism posts. See: Eco-fascism Primer

Vaush posts go in the_dunk_tank

Dunk posts in general go in the_dunk_tank, not here

Don't post low-hanging fruit here after it gets removed from the_dunk_tank

founded 3 years ago
MODERATORS