It’s fun to see this sort of thing getting on the front page of lobste.rs, hackernews, etc. since it’s inevitably going to be:
Used by a lot of people, e.g. after searching for how to detect chrome headless.
Be made useless within a matter of days, as chrome devs or users systematically remove these differences.
When I was an undergraduate, a bunch of Sun thin clients got installed on campus, locked down to only run Firefox, and only show the University Web “portal” (webmail, etc.).
It was fun to find ways around these restrictions. It was easy enough to visit arbitrary Web pages, by putting the URL in a draft email. Having a draft containing google.com would allow access to anywhere. More interesting was to add an empty attachment with a ‘.tar.gz’ filename suffix, which would let you bring up Firefox’s “open with” dialogue. Open with /usr/bin/xterm or /usr/bin/gnome-session to get access to a nice unix terminal/desktop to work from (all the other campus machines were windows)
Whenever we found a working method, we’d post it to a thread on our student society forum. Sure enough, someone from IT would read the thread and block off those mechanisms, so we’d find some more and post those :)
Back when I was a temp bank cashier (late 90s) I amused myself by connecting to a new system (based on AIX as opposed the mainframe-based interfaces) and was able to get a (user) shell by invoking help and ctrl-Z’ing.
Being a good boy (and mindful of all my activity being tracked) I sent an email to the head office detailing my “exploit”. I don’t know if they took action though.
It’s fun to see this sort of thing getting on the front page of lobste.rs, hackernews, etc. since it’s inevitably going to be:
When I was an undergraduate, a bunch of Sun thin clients got installed on campus, locked down to only run Firefox, and only show the University Web “portal” (webmail, etc.).
It was fun to find ways around these restrictions. It was easy enough to visit arbitrary Web pages, by putting the URL in a draft email. Having a draft containing google.com would allow access to anywhere. More interesting was to add an empty attachment with a ‘.tar.gz’ filename suffix, which would let you bring up Firefox’s “open with” dialogue. Open with
/usr/bin/xtermor/usr/bin/gnome-sessionto get access to a nice unix terminal/desktop to work from (all the other campus machines were windows)Whenever we found a working method, we’d post it to a thread on our student society forum. Sure enough, someone from IT would read the thread and block off those mechanisms, so we’d find some more and post those :)
Back when I was a temp bank cashier (late 90s) I amused myself by connecting to a new system (based on AIX as opposed the mainframe-based interfaces) and was able to get a (user) shell by invoking help and ctrl-Z’ing.
Being a good boy (and mindful of all my activity being tracked) I sent an email to the head office detailing my “exploit”. I don’t know if they took action though.