The Shifty Person's Guide to 0wning Tire Kingdom

by The Thermionic Overlord

With stores splattered all over the United States, chances are you've been to a Tire Kingdom at some point for an oil change, tires, or an overpriced brake job.  Tire Kingdom sure runs a slick business, with intimate corporate micromanagement made possible by a centralized network architecture.

Imagine what you could do if you controlled Tire Kingdom's main computer systems: With manager's privileges alone, you have the ability to hire and fire employees, change pay rates, look up commercial and consumer credit card data, even commit outright theft.

It's easier than you think with this article as your unofficial guide.

Getting In

The heart of Tire Kingdom is as400.tirekingdom.com, an IBM AS/400 located in Juno Beach, Florida.

All 600 or so stores in the U.S. connect to this system every day, through standard DSL or cable connections for upgraded stores and dial-up lines for older ones.

If you Telnet to as400.tirekingdom.com, the system will throw you a login screen at any time of day or night without complaint.

What about that username and password?  Pick a store number.  For Store 121, log in as S121, password S121, et cetera.  You can't actually do anything unless your IP address is recognized by the system (TKI), but there exist ways around this problem.

Waltz up to your local store on a Saturday when they're slammed and take a peek at the generic PCs on the counter running terminal emulation software.

Each one is numbered in the pattern of S (store number) PC (PC number), as in: S121PC03

On the terminal software, that same PC would have a display ID of: S121DSP03

Taped to at least one of the computers at the main counter will be a list of employee numbers for everyone at the store, including managers.  You have to be behind the counter to see this, however...

Getting Behind the Counter

If you'd like to play around with the system from a store location with impunity, ask to speak to the general manager and tell him you want to apply for a job.

Note the name of the store manager.  You'll need it later.  He'll most likely steer you to one of the PCs immediately and log onto Tire Kingdom Intranet (TKI):

    Host: intranet.tirekingdom.com
Username: TK(store #)
Password: TK(store #)

He'll sign into the Deploy hiring management console with his employee number and password and leave you to fill out an application.  As soon as he's gone, fire up a command prompt and enter:

> tracert as400.tirekingdom.com

Note the last hop on the store network and write this IP address down for future reference.  It's the Cisco 2500-series router underneath the counter.  You'll have no web access because all DNS requests besides Tire Kingdom Intranet and a handful of partner companies are blocked.

If you've brought your handy flash drive with a keystroke logger program, now is the time to take advantage of it.  Dump the program into an unused directory, fire it up, and don't worry for a second about an anti-virus.  You won't find one.

When they're not paying attention too closely, pick up their phone and call another Tire Kingdom, not one in the general area of yours.  Explain to whoever picks up the phone that you've lost/spilled coffee on your yellow book with the tech support number in it, and could they pretty please give it to you, you're having trouble connecting to the AS/400.

Write this number down on a piece of paper along with the manager's employee number, the router's internal IP, the store's external IP if you can find it, and whatever artistic doodles you've been working on.

Day Two

Wait until Monday to return to the store as Sundays are generally dead.

Make sure you get a good night's sleep since you'll have to work quickly today.

Walk in as if you own the place and tell the body at the counter that you're finishing an application.  Return to the same computer and copy your keystroke log to your flash drive, making sure to wipe the original with the Wipe utility you should be carrying.

Busy yourself with whatever hackerish antics you desire until the body at the desk is no longer paying close attention to you, then grab a phone and walk it around a corner for some privacy.  By now you should know the manager's employee number, password, router and store IP, tech support phone number, and a static IP address associated with a public computer (not the one at your house).

Quick Note on Tire Kingdom Passwords

Every Tire Kingdom employee has a six or seven digit employee number which they keep during their tenure at Tire Kingdom.

They also have a password between six and eight digits long, as mandated by the AS/400's security policy, that must be changed every 90 days.

The password cannot be the same as any of the two or three previous passwords and cannot contain special characters to my knowledge.

However, 99.9% of all Tire Kingdom passwords will be completely numeric as every counter employee including managers keys with their right hand on the numerical pad.  For speed, most of them are only six characters in length and are chosen to be quick to pound out.
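
The two credential weaknesses described in this article (store logins whose password is the same as the username, and short all-numeric passwords picked for the keypad) are what a password-change check should reject. The following is an added example, not code from the original article or from any Tire Kingdom system; the 8-character minimum, the function names and the sample accounts are constructed assumptions.

```python
import re

MIN_LENGTH = 8  # assumed minimum for this example, not a value from the article

def is_digit_run(pw: str) -> bool:
    """True for ascending/descending digit runs such as 123456 or 987654."""
    steps = {int(b) - int(a) for a, b in zip(pw, pw[1:])}
    return steps in ({1}, {-1})

def is_repeated_block(pw: str) -> bool:
    """True when a 1-3 character block repeats to fill the password (111111, 121212)."""
    return re.fullmatch(r"(.{1,3})\1+", pw) is not None

def audit_password(username: str, password: str) -> list[str]:
    """Return the policy findings for one candidate password (empty = acceptable)."""
    findings = []
    if password.lower() == username.lower():
        findings.append("password equals username")
    if len(password) < MIN_LENGTH:
        findings.append("too short")
    if password.isascii() and password.isdigit():
        findings.append("numeric only")
        if is_digit_run(password):
            findings.append("digit run")
    if is_repeated_block(password):
        findings.append("repeated block")
    return findings

def audit_accounts(accounts: dict[str, str]) -> dict[str, list[str]]:
    """Map each failing username to its findings; passing accounts are omitted."""
    report = {}
    for user, pw in accounts.items():
        findings = audit_password(user, pw)
        if findings:
            report[user] = findings
    return report

# Constructed sample data: one store-style login and three invented employee numbers.
SAMPLE = {
    "S121": "S121",
    "1048213": "123456",
    "1048214": "121212",
    "1048215": "correct-horse-42",
}

if __name__ == "__main__":
    for user, findings in audit_accounts(SAMPLE).items():
        print(user, "->", ", ".join(findings))
```

The check is meant to run where the candidate password is available in clear, such as a password-change hook, not against a stored list of passwords.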

Tech Support is Here to Help You

Call the tech support number.

Have your spiel polished, rehearsed, and ready to go.  When you get someone on the line, tell them some variation of the following:

"Hi, this is (manager name), the manager of TK (store #), and we're having a lot of problems with our Internet access.  I keep getting an error when I try to connect, the AS/400 keeps telling me I'm signing on from an unknown IP address, and to call you guys with this IP address: (the static IP of a computer you have access to)."

If your social engineering ruse works, prepare for pandemonium as the Tire Kingdom you're in loses all access to the AS/400.  Hang up the phone and walk out, and quickly get behind the IP address you gave the help desk.

0wning

By now you should have all of the information you need to spectacularly 0wn the AS/400 as a manager.

The AS/400 is configured for ease of use, and finding your way around should be no problem.

For real fun, log into intranet.tirekingdom.com, click Deploy, log in as your managerial self, and promote everyone as high as you possibly can.

Deploy will give you access to an employee's home address, all personal information, sometimes even a picture.  The AS/400 has provisions for retail credit card lookup, too...

If you dig deep enough, you'll find information that no one should be able to access, maybe even your...

Shouts to fysch and lynch, Lardlog, 3m0t3, DJ Hekla, and the (((Democratic Congress))): Please don't f*ck it up.
