    Tuesday, April 2, 2019

    Saving on airfare with SQL Exploits Tech Support


    Saving on airfare with SQL Exploits

    Posted: 01 Apr 2019 04:49 PM PDT

    Hello all!

    It's your humble IT deity back with another tale as requested.

    This tale takes place when I was with a large company with remote offices around the world. We did game testing and ran call centers. While some of my most interesting things came out of the game testing, the remote offices were... special. Some of them were merely on corporate campuses, such as our offices in Microsoft.

    Others were more remote. Our Hyderabad office took so long to set up we had a betting pool on when the PM would be making it back. Others, like our London office, were so random that we strongly considered firing everyone in IT there and just using trained mice.

    Fargo... Fargo, held a special place for all of us though.

    As a general rule, we tried to have as few "pets" as possible. Pets being systems that were extremely unique and requiring lots of attention. The opposite of that would be herd systems. If a machine in the herd dies, you just chop up its carcass and spin up another. You do that with the family dog and people tend to get upset. (The analogy breaks down here but I trust you get my point.)

    This particular pet was the badge reader system that was nothing like our other standardized systems.

    Every now and then it just needed a good shove. Facilities saw nothing wrong with this as they had their people there to always reboot the machine. We in IT felt somewhat differently though.

    The inevitable event happened.

    It wanted a reboot but none of the people there felt comfortable touching the system and no amount of cajoling, pleading, and outright threatening could get anyone to simply push the button.

    It was then I came into the office that day as others had started their shifts around 6AM.

    Your cast:

    DJ - DadJoke, an older systems admin but one of my juniors. A pretty good guy.

    G - Genghis, my manager, one of the coolest managers I've ever had and would work for again in a heartbeat.

    Me - your humble IT Deity

    DJ - Fargo is down hard with no one able to get in.

    G - This is getting a lot of attention, we might have to send someone out there.

    Me - Did anyone look to see if there's iLO or something like that we can use to just bounce the box?

    DJ - Nope, this is running on just a desktop with a cheap UPS, not a managed PDU.

    G - u/unfeignedship you up for a quick trip?

    Me - Seattle to Fargo isn't a quick trip... you're not still pissed about when I said you had a Cmdr Riker haircut are you...

    G - Nah, your pay cut made up for that. But if we can't get people in the office they can't do payroll which would be a big deal and we incur fees every time we call the office management to unlock the door.

    Me - Did anyone scan the box from the utility box on-site to see if there's anything we can do?

    DJ - RPC crashed, so no RDP.

    Me - Yes, but did you scan it?

    G - We can check if remote desktop is working...

    I quickly drop nmap on the utility box and see that it's running Windows 2000 and even better an older version of SQL 2005.

    Prior to SQL 2005 SP4 there was an extended procedure called xp_cmdshell that was one of the easiest ways to compromise a server running SQL. It allowed you to execute command line tasks in the context that SQL server was running. So if it was running as System, then you could add users to the machine or all sorts of nastiness.

    I quickly check if we have the sa account for this box and we do.

    Ten minutes later...

    EXEC master..xp_cmdshell 'shutdown -t0 -r -f'

    Me - I just rebooted the server.

    DJ/G - How?!

    And that's how I used a SQL vulnerability to save a long and boring flight.

    submitted by /u/UnfeignedShip
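
    An added audit script, not part of the original post, for the exposure the story describes: it checks whether xp_cmdshell is enabled, which logins hold sysadmin, the state of sa, and which Windows account the SQL Server service runs as, then turns the option off. It assumes SQL Server 2005 or later (step 4 needs 2008 R2 SP1 or later) and a connection with sysadmin rights.

    ```sql
    -- Added example: audit and hardening for the xp_cmdshell exposure in the post above.
    -- Steps 1-4 are read-only. Step 5 changes server configuration.

    -- 1. Is xp_cmdshell enabled? value_in_use = 1 means OS commands can be run
    --    from T-SQL by any sysadmin, in the security context of the service account.
    SELECT name, value, value_in_use
    FROM sys.configurations
    WHERE name = N'xp_cmdshell';

    -- 2. Which logins are sysadmin? Every enabled row here can call xp_cmdshell
    --    (or switch it back on), so this list is the real attack surface.
    SELECT m.name AS login_name, m.type_desc, m.is_disabled
    FROM sys.server_role_members AS rm
    JOIN sys.server_principals AS r ON r.principal_id = rm.role_principal_id
    JOIN sys.server_principals AS m ON m.principal_id = rm.member_principal_id
    WHERE r.name = N'sysadmin'
    ORDER BY m.name;

    -- 3. State of the built-in sa login. It is matched by SID (0x01) so it is
    --    still found if it has been renamed. A shared, never-rotated sa password
    --    with the policy flags at 0 is the situation in the story.
    SELECT name, is_disabled, is_policy_checked, is_expiration_checked, modify_date
    FROM sys.sql_logins
    WHERE sid = 0x01;

    -- 4. Which Windows account does the engine run as? LocalSystem or a local
    --    administrator here turns any sysadmin login into full control of the host.
    --    (sys.dm_server_services exists from SQL Server 2008 R2 SP1 onward.)
    SELECT servicename, service_account, startup_type_desc, status_desc
    FROM sys.dm_server_services;

    -- 5. Remediation: switch xp_cmdshell off. It is an advanced option, so
    --    'show advanced options' has to be on while it is changed.
    EXEC sp_configure 'show advanced options', 1;
    RECONFIGURE;
    EXEC sp_configure 'xp_cmdshell', 0;
    RECONFIGURE;
    EXEC sp_configure 'show advanced options', 0;
    RECONFIGURE;

    -- Optional, only after confirming that nothing authenticates as sa:
    -- ALTER LOGIN sa DISABLE;
    ```

    Turning the option off does not stop someone who already holds a sysadmin login, because sp_configure can turn it back on; the controls that matter are who has sysadmin and what the service account is allowed to do. Each change to the option is written to the SQL Server error log as "Configuration option 'xp_cmdshell' changed from 0 to 1", which is worth alerting on.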

    Broken-ass bullshit...

    Posted: 01 Apr 2019 09:58 AM PDT

    We migrated from Lotus Notes to Office365 and although it was a bumpy road (Skype sucks) it's gone fairly well…

    We have a likable but VERY volatile executive who understandably just wants his stuff to work without unnecessary drama. He's better with computers than many but he has his moments. We have remote control support, but the execs like to see a body and so we walk over to assist when we can.


    ME: Standard phone greeting

    Exec: Every now and then when I want to get into my email or calendar I get this broken-ass bullshit that looks different, doesn't have all my mailboxes and is just generally a hassle to use.

    ME: I'll be right over… (The walk to their wing often gives us time to get our thoughts collected and plan an approach to the reported problem, but I honestly didn't have a clue what might be going on.)

    ME: Hi Exec, would you show me what's happening?

     I watched to see where he was going and it immediately clicked…

    Exec: Launches the shortcut: Damn, there it is – that's just about completely useless to me.

    ME: At some point BOTH Outlook and OWA shortcuts were pinned to your Taskbar. Unless you hover over them to get the text description, you wouldn't know which is which.

    Exec: Please tell me this hasn't been a case of me being special all along, I thought those were the same thing… let me check it.

     Checks and of course, the identical shortcuts launch their associated OWA or Outlook.

    Exec: Well for fuck sake! Please get rid of the bad shortcut and wait a minute…

     While I unpin the OWA shortcut, he pulled out a cafeteria voucher pad and wrote me one for $20.

    Exec: This is one idiot's apology and thanks. I wish that I could buy you a beer instead.

    EDIT: I hadn't thought about this being April 1. I was looking for something else and came across an old email from this exec, which made me think of this situation. This happened last July-August.

    submitted by /u/Pucker_Factor_10

    Accounts will not work when disabled.

    Posted: 01 Apr 2019 12:00 PM PDT

    Got a ticket in saying that an employee who had quit a few weeks prior had come back to work again (weird, but okay) and the ticket request was to re-enable her AD account. Hired back for the same position, so no changes I need to make in AD other than to right click on her account and re-enable it.

    Cool.

    I can do that.

    I do that. Account re-enabled! WOO!

    Update the ticket with, "Hi $Name, I re-enabled $OtherPerson's account, she should be able to get signed in to everything again. If she needs her password reset, please let me know, otherwise the last password she was using prior to her leaving should still work."

    The ticket was updated at 9:40am. This time is important.

    Radio silence and no response to the voicemail I left asking for some follow up. Not a big deal, sites get busy but, also, it's a super simple ticket and I want it out of my queue so I'd like to get it closed out.

    Update the ticket again around 1 with, "Hi again $Name, Just wondering if $OtherPerson has had a chance to try logging into her account again. Please let me know if she's still having trouble or needs her password reset."

    Response: "Hi Oricu, She tried this morning when she got in at 8 and all last week and it was unsuccessful."

    Well.

    Yeah.

    Prior to my 9:40am update in which I told you I re-enabled her account, it wouldn't work because the account was disabled.

    One of my co-workers said they could see parts of my soul leaving my body as they read through the ticket note exchange.

    I asked her to please try again and am waiting to see if it works or if I need to just reset the person's password.

    submitted by /u/Oricu

    And we have a unicorn!

    Posted: 01 Apr 2019 12:34 PM PDT

    Since I took over as the I.T. Manager late last year at my work, I have really been hammering home the need to encrypt anything with "sensitive" or "classified" info.

    The validation for the effort came with the following email:

    Good afternoon $Danuin,

    I sent a credit card authorization to a vendor this morning to set up our account, and I had a lapse in judgement and did not send that information securely.

    I am sorry for that as I know you've warned me about that before.

    Do you have any tips or methods to suggest to help me remember to send these items securely since I rarely send private items?

    I promptly responded with:

    "Hi $User,

    Everyone forgets. It's a matter of forgetting less than you remember. :)

    This is one of those things that has to become a habit. I can absolutely gently remind you when I get the alerts if that will also help?"

    I am happy to say $user hasn't had a repeat and is also proactively reminding HIS department to ENCRYPT!

    submitted by /u/danuin

    Omniscience is not a job requirement

    Posted: 01 Apr 2019 08:19 AM PDT

    The eternal problem of tech support. If it's tech related, we're supposed to know about it, right? If someone stashes a server in a closet and never tells anyone, we should know. Right? Apparently.

    My job is the messenger. First line support for known and petty issues like password resets, and then sending off any more complicated things to vendors that may or may not do their job.

    It is five minutes before my shift ends. It's been boring, it's been dull. Please reboot the device that you insist is broken. No, logging out is not rebooting. Please reboot. Is it fixed? Good, bye.

    Five minutes. Just five minutes. Oh look, a call!

    $User: Hey! The dashboard is broken!

    $Me: The what now?

    $User: The dashboard.

    $Me: I heard you the first time. What is the name of the system the dashboard is attached to?

    $User: No clue!

    While still talking to the user, I'm frantically searching our very lacking knowledge database for any keywords the user is mentioning. No dice.

    $Me: Okay.. What do you use the system for?

    $User: I don't know. The only person who uses it is $FinancialManager, and she's not in today.

    Now, you have to understand something about the company I work at. It's huge. Beyond huge. The system diagrams we might deal with span several pages. It's a company that spans a (European) nation, with millions of customers and thousands upon thousands of users. The sheer amount of systems is impossible to keep track of, except to my coworker who remembers everything.

    Said coworker had no idea what they were on about.

    As it turns out, some obscure department got some obscure web based tool made for them by some obscure vendor that only had a single reference in all our documents, and that reference was just contact info. At no point in this process was the service desk consulted, or given any information on how to support it.

    It also turns out that the user had been in touch with the vendor. The tool works fine on their end. It's something with our network. That is of course the "Aha!" moment, because I know that another vendor had recently migrated something something VPN something something firewall something something servers might break.

    Except.. I don't know the URL to the tool, nor do I know what server it's on (except that it's internal), nor do I know what the tool does, or who commissioned it, or anything really.

    Here's where I'd like to say that if we weren't told it exists, it isn't our problem. That's not the case. Even if it's never been mentioned to the IT service desk, we're responsible for ensuring the right people know about it and fix it. There aren't any consequences for failing to figure out a ticket of course, except if it's a pattern of incompetence etc etc. Tickets can be closed with "Insufficient information", as long as a good faith effort has been made to resolve it.

    I'm just about ready to send this mess off to another department that handles tricky issues when the user mentions seeing an email from someone about the issue, which had been helpfully copied to the service desk. It had all the necessary information. Information that really should have been given to the service desk THREE YEARS AGO when the thing was made.

    "But it's only used by a handful of people and we didn't think you'd need to support it!" - THEN TELL PEOPLE NOT TO CALL US

    TL;DR: What do you mean you don't know how to fix the thing you don't know exists?

    submitted by /u/Lilyliciously

    You're right. This is clearly an issue with the app

    Posted: 01 Apr 2019 12:21 PM PDT

    Quick background. The company I work for makes applications for other businesses and provides operational services for said applications.

    Job came in yesterday regarding a user that, once logged in, the app was showing them as 'out of service'. Normally a PC restart fixes this but the notes say they have already checked that. Now I know rule 1, so I email them that a restart normally fixes the issue as the issue is usually caused by a certain process hanging in the background. But since they say that they have already tried that I ask if they can have local IT run task manager and see if the process is hanging (after they exit the app, of course).

    In the meantime I look into the logs and can see that the process is actually getting stuck trying to connect to the app. Now these are both on the same machine and this issue is a new one I haven't seen before so I look up some documentation.

    While trying to figure this out, my colleague is looking at user status from the app for another ticket. I notice the name of my user in there and can see them actively doing work. That's strange, but often times when a user's issues stop, they think to inform anyone. I flick a message back to the ticket opener saying that it appears the user is working now, so I will resolve the ticket.

    NO. Issue is still occurring they say. The user has just switched to another PC, that is why they are able to work now.

    Click. I sit there for a bit.

    So. The user is fine on another PC, but not the first one? The app is exactly the same on both PCs? The user's setup doesn't change from PC to PC? The only variable in this is the PC being used, but they are right. It is clearly an issue with the app.

    submitted by /u/DexRei

    The Chronicles of IT-Freely and a bo$$, part 5: Yawning may offend others, and other pearls of wisdom.

    Posted: 01 Apr 2019 09:51 AM PDT

    As I mentioned before, my boss would say some really weird things to me at times. Random times, and he'd act like he'd just spoken gospel like wisdom. Generally it just left me dumbstruck. Not out of awesome, but because then my brain would hurt. These things were rarely, if ever, prompted by my actions, except for one case. If it was something I did it's because it wasn't exactly to his specifications, as in he didn't communicate what he really wanted, despite being asked and getting confirmation.

    Bo$$ and I were discussing a major project and it had happened that I was already working 16 hour days and had four hours of commuting, and my daughter had also been up most of the night before not feeling well. Needless to say, I was tired AF and somehow managing to not just drop to the floor. As it was, I was absolutely mentally and physically drained from the job from months of being stuck at the office at all hours, then having to work at home on top of it. My life was falling apart because of the job, my marriage was having massive strains, I barely saw my kids, and because I was too tired to even do anything on the weekends (when I wasn't stuck working), the house was falling apart.

    And so I yawned a little…

    Bo$$ - taken aback by this ..oh I'm sorry am I boring you?

    Me - no brain functions left to even attempt to guess if he's being serious or not.. oh sorry man. It was an extremely long day yesterday, and was also up all night because my daughter was sick.

    Bo$$ - oh, well just so you know…

    Oh boy here comes another weird thing…

    Bo$$ - there are people in the office, not me(points to himself weirdly), but..people, who will get offended if you yawn around them.

    Me – um…..brain just stops at this point. I knew there was a look on my face that betrayed me

    Bo$$ - just so you know…

    Me – sorry did I offend you or…should I be aware of someone in particular so I don't accidentally offend them?

    Seriously I can't think of anyone who'd be offended. Everyone else is fricken amazingly nice there and I just can't see it

    Bo$$ - I'm not going to say who but, it's not me.

    Me – uh…

    Bo$$ - just sayin'

    So, apparently I either offended him or he pulled that out of his ass or I don't even know. Other wonderful things said to me during my time there:

    "Your predecessor did that and they aren't here anymore"

    "I'm flexible on time. Like if I work long hours I'm ok with going home a bit earlier" – what he really meant was I, not me or my colleague. I had worked hours upon hours late into the night, and weekends. I can only recall two times I got to leave early. One was I think Thanksgiving. He let me go home 10 mins early. The second time was my last day and I left early in the afternoon.

    "I reserve the right to change my mind about things at any time, for any reason." – not as in, he's the boss, and sometimes deliverables or technology tracks change to suit the business, but more as in, he decided, hey IT-F go do this, and do xyz. Later on he'd decide no I want it done abc. Then later on fgh….and so on. And he'd get irate about tiny little things like font size, font type, I shit you not, I recall a single spreadsheet was changed at least five times over fonts and colors and such.

    Then there was the need to always complain at every conversation with me. Never failed. Could be a perfect day and he'd nitpick about something.

    I shit you not, he alluded to, based on what he told me (so his wording, not mine), making decisions against using software or hardware because he didn't like the color of something in an app, or the design isn't the way he'd do it. And of course he'd say he'd do much better if he had the time.

    On the topic of commutes, 20 minutes was apparently too long. Meanwhile I was falling asleep in 2+ hour traffic each way. He also emailed my colleague and I once that he expected us to be available 24x7x365. He wasn't kidding. No I didn't get paid more for it.

    I once took earned holiday time off and he emailed me a few times, even saying basically he didn't expect me to respond but then dropped this whole email after. I had to take a sick day once due to extreme fatigue (ended up at the doctor's as well), and he called, emailed and texted me every so often with, "hey what's up…just checking in".

    Actually feels really therapeutic to talk about these things. There's more odd things said to me, but these were the ones that stuck with me.

    Coming soon

    Part 7: The revelation

    But first part 6: The keyboard and mouse and the last straw

    Index: Part one

    Part two

    Part three

    Part four

    submitted by /u/IT-Freely

    Strange Training Class Experience

    Posted: 01 Apr 2019 08:57 AM PDT

    I administered a high-end Product Lifecycle Management application. We were upgrading to a new release with a lot more functionality so I flew to California for a week long training class. The class is about eight or nine people. We do the usual introductions and it turns out six are from the same company and the CIO is one of the attendees. This should have been my first clue something was about to go into the twilight zone. There is another person like me who is a jack of all trades system administrator at his company and another just learning.

    The instructor goes over the syllabus for the week and the CIO interrupts immediately. He doesn't see in the course outline where we are going to be shown the underlying code in the application. This application is what is called COTS or Commercial Off The Shelf software. The vendor supplies compiled code that you install on a server and connect to a back-end database. Basically everything is self contained and you don't see the code, just the application. The instructor tries to explain this and the CIO gets angry. After much discussion the instructor gets across to him that this is outside of the scope of this class and he needs to talk to his sales person or account manager. He storms out of the room. We pick up from where we left off.

    We get to the first break and the CIO starts in on the instructor. The instructor patiently explains to him there is no class that goes through the code inside the application. The CIO asks how they train new coders. The instructor explains that is handled in a different department and is not available to customers. Now the CIO has a bone to chew on. Why not? All of his other applications supply the code. Which is true for the ERP (Enterprise Resource Planning) systems but not for COTS software.

    So for the next day or so the CIO is jumping out into the hall and calling his account manager and his company and making his case. The other people in the class from his company are a mix of application support and programmers. So for half of them this is a waste of time. As the class goes on it becomes evident that I have the most experience administering this application. Every time the CIO leaves and we are on break his team starts asking me questions. He comes back in the room and they scatter. They are good people trying to learn and the CIO is just continuing to make a scene the whole time.

    I talked to the instructor and he said he was complaining about the CIO as well but was told just keep to the syllabus and teach the class and not to go into the underlying code. He was generally interested in my experience as he had not worked with someone like me who had been working with the application as long as I had.

    So over time I get a sense of the whole story. The CIO is old school and doesn't like COTS software. He can't wrap his mind around not seeing the underlying code. Also it looks like this application was purchased outside of his department and he has been ordered to support it. I could see why the other department purchased this and forced it down his throat. The case he was trying to build is he can't support something without the underlying code and the vendor won't supply it. In his mind he built a solid case but unfortunately for him the world has changed. I doubt he lasted much longer in his position.

    By the time we get to the end of the class the CIO is decidedly unfriendly to me. Each time he leaves the room his team comes to me for help and each time he returns they scatter. One of them finally tells me he has told them not to talk to me. I had finished a large scale ERP project earlier in my career so arguing with CIO's and winning is within my skill set. Also knowing when to just feed the other guy rope knowing he was tying his own noose is also within my skill set. I did give his team some hints on rope making...

    The final day of the class the instructor covered working with the support site. Since we had broken their application repeatedly I had by far the most experience in this area, even beyond what the instructor covered. We went over entering tickets, getting patches, testing them and promoting them. I could tell the CIO's team desperately wanted to talk to me and he was openly glaring at me, daring me to talk to them. I did get to speak to them briefly when he left the room and gave them the down low as much as possible. I never found out what happened at that company as they weren't allowed to share their business cards with me.

    All in all a weird experience.

    submitted by /u/JustAnOldITGuy

    "I dont use Windows"

    Posted: 01 Apr 2019 08:42 AM PDT

    Brief background i work for a small sales and service store in rural America. I mostly do L1 basic stuff plus virus/malware removal. I get customers with all different levels of tech prowess from the computer programming student that spilled "liquid" (aka beer) on his laptop to the grandmother who knows how to get on Facebook and play her games and that's it.

    Today i had one of the latter. Im checking in her laptop because it needs cleaned after her granddaughter defragged the hdd and supposedly screwed everything up that it runs slow now. So im making the ticket up and i asked her if there was a password on the computer. She looked at me as if i was speaking greek.

    Me: "so when the computer first loads windows does it ask for a password?"

    Customer: "oh i dont use windows"

    Me: "no when your computer first comes on and you click on the profile pic to login does it ask u for a password?"

    Customer: "i dont have a profile pic, i just click on the mozilla in the bottom bar and facebook comes up."

    Me (beginning to think im getting april fooled) no when your computer turns on does it ask for a password?

    Customer: i dont know i never had one

    I finished the ticket and as soon as she left i put my head down on the desk and just laughed

    submitted by /u/honeyfixit
