Remote Access Demonstration Screenshot

Computer Labs Security Vulnerabilities

Cybersecurity

12/3/2024

During a regular session in the computer lab, I noticed NoMachine installed on the systems. After researching (basically googling) the software, I learned that NoMachine is a remote desktop solution operating on port 4000 using the NX protocol.

Time to exploit

  1. Setup
    • Installed NoMachine on my laptop
    • Attempted connection to lab computer’s IP
  2. Authentication NoMachine connection information
    • System prompted for credentials
    • Default student credentials were accepted
  3. Successful Access Login by student Credentials in NoMachine
    • Gained non-administrative remote access
    • Full user-level control achieved

Remote Access Demonstration

SMB Vulnerability

A second vulnerability was discovered involving unrestricted access to system files through SMB (Server Message Block) protocol.

Got to know via Chandrabhan Patel, who identified the Remote File Inclusion vulnerability.

SMB Access Demonstration

Vulnerabilities were promptly reported to the ISTF and the issues were acknowledged and No machine is no more installed in the lab systems. SMB Access Demonstration

Ah so it was possible to cheat during lab exams?

While this was a natural concern, the faculty already had preventive measures in place, including disabling external connections during examinations. When the connection get stop it doesn’t just the internet it stop the local communication between devices.

Happy Hacking!

Other Posts 18
Innovation Journey: My Experience at IIT Jammu Invention Factory

Innovation Journey: My Experience at IIT Jammu Invention Factory

Jul 20, 2023
Product DevelopmentProblem Solving
Discovering Default Credentials in BAS Portal Admin Access

Discovering Default Credentials in BAS Portal Admin Access

Nov 28, 2023
Cybersecurity
App Script to Auto Shedule meets based on mails

App Script to Auto Shedule meets based on mails

May 12, 2023
AutomationGoogle App Script
Computer Labs Security Vulnerabilities

Computer Labs Security Vulnerabilities

Dec 3, 2024
Cybersecurity
Per-Process Bandwidth Tracker using eBPF

Per-Process Bandwidth Tracker using eBPF

Mar 26, 2024
System ProgrammingeBPF
Technical Lead at EII and E-Summit

Technical Lead at EII and E-Summit

May 12, 2023
Web DevelopmentLeadership
GodBot - The Ultimate Advanced AI Bot

GodBot - The Ultimate Advanced AI Bot

Mar 26, 2024
AIPython
Issue Tracker

Issue Tracker

May 12, 2023
Web DevelopmentFlask
Mess Portal Security Vulnerability

Mess Portal Security Vulnerability

Apr 20, 2026
CybersecurityResponsible Disclosure
My Journey Through NDA SSB: A Personal Experience

My Journey Through NDA SSB: A Personal Experience

Jul 15, 2022
Life ExperienceLeadership
OWASP Nest: Open Source Contribution

OWASP Nest: Open Source Contribution

Dec 18, 2024
SecurityOpen Source
Software Intern at Ripplica

Software Intern at Ripplica

Aug 20, 2025
AIAutomation
SRIP Portal Serverless Migration

SRIP Portal Serverless Migration

May 12, 2023
PythonFlask
StudySahayak - AI-Powered Content Repurposing

StudySahayak - AI-Powered Content Repurposing

Mar 26, 2024
AIFlask
Void Battle: A Terminal-Based Space Combat Game

Void Battle: A Terminal-Based Space Combat Game

Nov 29, 2024
Game DevelopmentPython
Tico: A Git Clone Implementation

Tico: A Git Clone Implementation

May 12, 2023
pythongit
Interactive Course Timetable

Interactive Course Timetable

May 12, 2023
Web DevelopmentFlask
Understanding the Dark Web: A Security Perspective

Understanding the Dark Web: A Security Perspective

Nov 29, 2024
Cybersecurity