Sunday, April 13th, 2008...10:11 pm

Vote Tampering and Election Auditing in Python


My school recently had an election for the student government body. The site looked pretty shoddy, so I checked the source and played around with TamperData to see what was up. I noticed that the generated voting page carried the Student UID and Name as hidden form fields, and I wanted to check whether those were the values checked when the vote was cast or whether the identity was actually taken from the cookie, so I wrote a script to try to generate votes from other IDs, casting a vote for Johnny Thunders. This was after casting a real vote for my good friend Jeanne, who campaigned ruthlessly by dressing up in a big red dog costume.

thunders-sm.jpg

There are ~99999999 possible UIDs and only 15,000 undergrads, so only 1 in nearly 7000 would actually be able to cast a vote, and that’s assuming that none of those UIDs had voted already. I let it run for a few hours and tried a few thousand values before eventually giving up. A single vote wouldn’t have changed the outcome of the election, but it would show a massive flaw in the voting system that could easily be used to manipulate the vote by anybody with a list of valid student IDs.
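The question in the two paragraphs above is whether the server binds the vote to the login session or to whatever uid the client puts in the hidden field. The following is an added example, not the author's Diebold.py and not the real voting site's code: a vote handler written both ways, plus a replay of the guessing loop (one logged-in session, one submission per guessed uid). The session values, uids, names and the eligible-voter roll are all constructed.

```python
"""Does the server trust the hidden uid field, or the session cookie?

Constructed example: the same vote handler in the form the post suspected
(identity taken from hidden form fields) and in the form that turned out to
be in place (identity taken from the login session). All data is made up.
"""

# Constructed session store: cookie value -> identity established at login
# (behind the Kerberos password screen, in the post's setup).
SESSIONS = {
    "sess-a1b2": {"uid": "10000001", "name": "Alice Ng"},
    "sess-c3d4": {"uid": "10000002", "name": "Bob Rao"},
}

# Constructed roll of eligible voters (stands in for the ~15,000 undergrads).
ELIGIBLE = {"10000001", "10000002", "10000003"}


class Tally:
    """Per-candidate counts plus the set of uids that already voted."""

    def __init__(self):
        self.votes = {}     # candidate -> count
        self.voted = set()  # uids that have already cast a vote

    def record(self, uid, candidate):
        if uid in self.voted:
            return "already voted"
        self.voted.add(uid)
        self.votes[candidate] = self.votes.get(candidate, 0) + 1
        return "ok"


def cast_vote_trusting_form(tally, cookie, form):
    """Vulnerable: the cookie only proves that *someone* is logged in; the
    identity credited with the vote comes from a hidden field the client
    controls, so one session can vote once per guessed eligible uid."""
    if cookie not in SESSIONS:
        return "not logged in"
    uid = form.get("uid", "")
    if uid not in ELIGIBLE:
        return "unknown uid"
    return tally.record(uid, form["candidate"])


def cast_vote_bound_to_session(tally, cookie, form):
    """Hardened: identity comes only from the server-side session; any uid
    or name the form carries is ignored, so guessing uids gains nothing."""
    session = SESSIONS.get(cookie)
    if session is None:
        return "not logged in"
    return tally.record(session["uid"], form["candidate"])


def tamper_run(handler, cookie, uids, candidate):
    """Replay the post's experiment: one logged-in session, one submission
    per guessed uid, hidden fields rewritten each time (as with TamperData).
    Returns the per-attempt results and the final tally."""
    tally = Tally()
    results = [
        handler(tally, cookie, {"uid": uid, "name": "x", "candidate": candidate})
        for uid in uids
    ]
    return results, tally


if __name__ == "__main__":
    guesses = ["10000001", "10000002", "10000003", "99999999"]
    for handler in (cast_vote_trusting_form, cast_vote_bound_to_session):
        results, tally = tamper_run(handler, "sess-a1b2", guesses, "Johnny Thunders")
        print(handler.__name__, results, tally.votes)
```

Run it and the difference is the whole finding: the form-trusting handler lets Alice's single session cast three votes (one for a student who never logged in at all), while the session-bound handler credits exactly one vote to Alice and rejects the rest as duplicates no matter what uid the form carries.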

Playing with SQL injection seemed like a much more efficient way of casting false votes, and I was actually able to cast a ‘null’ vote at one point, which I thought was interesting and maaaybbee could have been probed further to either drop a table or cast negative/positive votes, but at that point I gave up and did my homework instead and didn’t remember about the project until after the election had ended. Anyway, the initial quirk I was curious about seemed to fall on the safe side, so that’s good.

votes.jpg

The more interesting part for me was just playing with the ClientCookie Python module, which reads the existing cookies of popular browsers and adds urllib/urllib2 functionality in Python. This let me do scripting behind the Kerberos password screen without any complicated login trickery.

Anyway, the end result is this handy little script which can do bruteforcing on sites which require a session cookie. Nothing fancy but might come in handy, you never know. Might be useful for downloading files which are sequentially named or something like that.
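The two paragraphs above describe the technique rather than show it, so here is an added example of the same idea; it is not the Diebold.py script linked below. ClientCookie's cookie-jar code was later merged into the standard library (cookielib in Python 2.4, http.cookiejar in Python 3), so the example uses MozillaCookieJar, which reads the Netscape-format cookies.txt that browsers and extensions export. The cookie file contents, the host vote.example.edu, the session cookie name and value, and the ballot URL pattern are all constructed; nothing is fetched over the network.

```python
"""Scripting behind a cookie-based login by reusing exported browser cookies.

Constructed example. The cookies.txt text, the host, the cookie name/value
and the URL pattern are made up; the example runs offline and only builds
the requests it would send.
"""
import http.cookiejar
import os
import tempfile
import urllib.request

# Constructed cookies.txt in Netscape format, as a browser exports it.
# The first line is the magic header MozillaCookieJar insists on.
# Fields: domain, domain_specified, path, secure, expires, name, value.
COOKIES_TXT = (
    "# Netscape HTTP Cookie File\n"
    "vote.example.edu\tFALSE\t/\tFALSE\t2000000000\tSESSID\tsess-a1b2\n"
)

# Assumed URL pattern for the sequential IDs (8-digit, as in the post).
BASE_URL = "http://vote.example.edu/ballot?uid=%08d"


def load_browser_cookies(cookies_txt):
    """Parse Netscape-format cookie text into a jar (via a temp file,
    because MozillaCookieJar.load takes a filename)."""
    fd, path = tempfile.mkstemp(suffix=".txt")
    try:
        with os.fdopen(fd, "w") as f:
            f.write(cookies_txt)
        jar = http.cookiejar.MozillaCookieJar()
        jar.load(path)
    finally:
        os.unlink(path)
    return jar


def build_request(jar, url):
    """Make a Request and let the jar attach whatever cookies match the
    request's host, path, scheme and expiry (same policy an opener uses)."""
    req = urllib.request.Request(url)
    jar.add_cookie_header(req)
    return req


def cookie_header_for(jar, url):
    """The Cookie header the jar would send to url, or None if nothing matches."""
    return build_request(jar, url).get_header("Cookie")


def sequential_requests(jar, start, stop):
    """The brute-force loop: one session-carrying request per ID in [start, stop)."""
    return [build_request(jar, BASE_URL % n) for n in range(start, stop)]


def main():
    jar = load_browser_cookies(COOKIES_TXT)
    # An opener with this processor sends the same cookies automatically.
    opener = urllib.request.build_opener(urllib.request.HTTPCookieProcessor(jar))
    for req in sequential_requests(jar, 1, 4):
        print(req.full_url, "->", req.get_header("Cookie"))
        # Going live would be: opener.open(req).read()  (not executed here)
    print("other host:", cookie_header_for(jar, "http://other.example.edu/"))


if __name__ == "__main__":
    main()
```

The check worth noticing is the last print: the jar applies the browser's own scoping rules, so the session cookie rides along to vote.example.edu but is not leaked to another host. For real use, export cookies.txt from the browser after logging in, point load_browser_cookies at that text, and swap the print for opener.open(req).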

Click to see Diebold.py!

In the end, Jeanne lost and some other d-bags won. Doesn’t matter either way, it’s a useless body which just hinders student interaction with the administration anyway. Disband!

I feel like I haven’t been updating very much lately. A lot of my energy goes to doing stuff for BU Free Culture and to being a busy college student with a personal life as well. I quit drinking for the semester on a whim, but that hasn’t freed up as much time as I would have liked, as I’m very good at finding other ways to piss away my time. I feel a lot better on Sunday mornings, though.

I still feel deeply about digital rights, but I’ve been uninspired to write about them without anything new to say. I don’t like just linking to current developments on RIAA lawsuits or some such and giving my quick little summary, either. I’m not trying to be BoingBoing. And I haven’t been working on Anomos, the pseudonymous BitTorrent, which is the only project I really care about actually finishing (er..alpha’ing..). I’m living in a house full of my friends right now, which is a lot of fun/insanity/videogaming/danger, but very tiring and invasive as well. I’d really like to just move out of the city and be alone for a month or two and just read and study and work on all of the little projects I want to do. No time for that right now, unfortunately. Maybe in the beginning of June I’ll get back from England and move to DC for a few weeks and do just that. Hmm..

-R



2 Comments

  • You might like to know that some of the “other d-bags” you reference helped organize a 1-hour, open, and uncensored Q&A session with the RIAA this Thursday, April 17th.

    For more info:
    http://www.facebook.com/event.php?eid=11465951908

  • My university won’t allow online voting for fear of voter coercion - never mind the fact all the frats and sororities coerce all their members to vote anyway - so be glad that your university is at least enlightened enough to allow it.
