As a junior network administrator at a small local ISP, Kiefer R.'s job is pretty mundane. Aside from occasionally investigating bandwidth problems, laying cable, and reticulating splines, there's not too much excitement.

One morning, Kiefer's boss said he was going to come down for a chat, so Kiefer loaded up a bandwidth monitoring utility and pretended to be busy. "Kiefer," Mike began, "I just wanted to give you a heads up. We're having a guy come down next week to run some security checks on our systems here. Particularly our main web server."

"So, you need me to show him the ropes, or..."

"Oh, ha!" Mike started laughing. "No, not at all. This guy is like some kind of Super Hacker!" he exclaimed while waving his hands dramatically. "More like he'll be showing you the ropes! Ha!" Kiefer rolled his eyes.

The Super Hacker arrived the following week. He was there only for two days while he worked on his mission — shutting down the main web server from outside the network. He'd be in the office from 9-5, where he could talk to the staff and review some of the code to find sections he might be able to exploit, but he'd only get paid if the server was shut down while he was not in the office. He didn't receive any usernames or passwords as the testing was meant to simulate an attack on the web site from an average hacker. Should he accomplish his goal, he'd earn $3,500.00. Working in the Super Hacker's favor was that the aging site was last updated in the late 90s, and almost certainly had pages that would be exploitable.

When Kiefer came in the following morning, his boss stopped him on his way in.

"Well, our Super Hacker has done it! Turns out it must've been a pretty easy exploit," Mike said, "it hardly took him any time at all. Plus he's already patched it!"

Kiefer couldn't deny that he was impressed. "So how'd he do it?"

"I'm not sure — I haven't gotten his report yet. I should have it by the end of the day."

Kiefer's curiosity was palpable. He asked around for details on the exploit, but no one was talking. Clearly, some people knew what had happened and just weren't willing to tell. Finally, someone told Kiefer that the fix was in the form of a Python script, and that if he read the script, he'd see the exploit.

How the aptly-named Super Hacker had managed to shut down the system remotely and provide a fix so quickly intrigued Kiefer. After poking around the network, he finally found the Python file that contained the Super Hacker's fix:

#!usr/bin/python
# Paying someone $10 to pull a power cord for $3500
print "(C) <Name Removed> 2008."

Of course, the fix alone wouldn't prevent future attacks using that vector, but management's scolding of the night staff would.
