[Roberto] recently discovered a clever way to gain root access to an HP t520 thin client computer. These computers run HP’s ThinPro operating system. The OS is based on Linux and is basically just a lightweight system designed to boot into a virtual desktop image loaded from a server. [Roberto’s] discovery works on systems that are running in “kiosk mode”.
The setup for the attack is incredibly simple. The attacker first stops the virtual desktop image from loading. Then, the connection settings are edited. The host field is filled with garbage, which will prevent the connection from actually working properly. The real trick is in the “command line arguments” field. The attacker simply needs to add the argument “&& xterm”. When the connection is launched, it will first fail and then launch the xterm program. This gives the attacker a command shell running under the context of whichever user the original software is running as.
The next step is to escalate privileges to root. [Roberto] discovered a special command that the default user can run as root using sudo. The “”hpobl” command launches the HP Easy Setup Wizard. Once the wizard is opened, the attacker clicks on the “Thank You” link, which will then load up the HP website in a version of Firefox. The final step is to edit Firefox’s default email program association to xterm. Now when the attacker visits an address like “mailto:firstname.lastname@example.org”, Firefox (running as root) launches xterm with full root privileges. These types of attacks are nothing new, but it’s interesting to see that they still persist even in newer software.
This desktop mill would be impressive coming from anyone, but we’re really excited that it was made as a high school project. [Praneet Narayan] built it during his design and technology class. As his build log shows, he worked with a range of different tools to make sure he had a rock-solid platform on which to mount the motors and cutting head.
The uprights of the frame are made from two steel plates. After hacking them to rough shape with a plasma cutter he finished the edges with a mill. The two parts were then tack welded together so that the mounting holes could be drilled in one step, ensuring alignment between the two sides. The rest of the frame parts are built from extruded rails but he did machine a set of mounting plates to pull it all together. You can see the finished machine milling a message in MDF in the clip after the break.
Continue reading “Desktop mill built as a high school project”
[Michael Chen] found himself in possession of a thoroughly broken laptop. The hinges connecting the screen to the body of the computer were shot, and the battery was non-functional. After a bit of thinking he decided that it wouldn’t take much to resurrect the hardware by turning it into a desktop machine.
At the core of this hack is the hardware that you must keep for the computer to function. That is, the LCD screen, the motherboard, hard drive, and the AC/DC brick that powers it. [Michael] ditched everything else; the case, keyboard, trackpad, webcam, etc. Next he started building his own enclsure out of acrylic. First he sandwiched the LCD screen between a full sheet of acrylic and a bezel that was one inch wide on each side. Next, another full sheet was used to mount the motherboard and hard drive. You can see how the three sheets are connected by nuts and bolts in the image above. It looks like the only other alteration he made was to relocate the power button to a more convenient spot.
Once a USB keyboard and mouse are added he’s back up and running. We’ve got our eye on an old XP laptop that might end up seeing this conversion to become a dedicated shop computer. We just need to build in some more dust protection.