Thursday, December 21, 2023

2023-12-20 - Team Effort Proxmox Pi Hole w/ class Prank Added

  • This week we only had three classes and a "Hybrid" instead of the usual four plus a hybrid Friday. Hybrid is where we do three homework assignments from home between Thursday and Monday before class the next week so we can enjoy our Friday nights instead of being in class. The assignments are a Scrum Team research assignment, which we decide the topic of first thing when we come to class before we start working on that week's projects for Project Day, my favorite. The other two hybrid assignments are a self-evaluation comment and a comment on what you did to help yourself get employed that week, plus photo proof of it. I do this blog, which no one else in my class does--even if they think it's a good idea, so my instructor, Doug, is glad to have me do blog work as my effort to get employed or improve my employment potential.
  • I told you all that so I could say that instead of project day being Thursday this week, it was instead. Christmas is this coming Monday and there's a staff-only Christmas party on Thursday instead of classes. Plus Doug went on vacation with his wife to Hawaii. This will become an important detail later. So he told us that if we needed anything since he is sort of on-call for his class, we all have his phone number, we can still text, but he will most likely not respond for about 24 hours. And in my case, maybe longer because I pepper him with questions that are more complex than others tend to ask. I'm not the smartest in the class--just the most curious. 
  • So Doug's friend and our on-call substitute teacher, Zack, was there. Zack and Josh are both previous graduates of the same class, and Zack got occasional employment from MTEC and Josh is still looking for a job and has no car, so he often comes and they both hang with Doug in class once or twice a week whether Zack subs or not. They're pretty cool. And Owen is the security guard, whom I've mentioned before and who gave me the idea for doing the PiVPN so I could get remote Pi Hole DNS blocking for my phone and laptop. He also hangs occasionally.
  • Yesterday, all three were present and Owen security-guarded less than he usually does because he spent the whole class in our classroom working on projects with us. He used to be a part of our class but only wanted the CompTIA Fundamentals certification I guess. He doesn't want to go into IT for a living, he just wanted to know more and got to take the class for free since he's an MTEC employee. We jokingly asked, "What if someone comes in blasting rounds into empty classrooms while he's in the classroom with us?"
  • He leaned way over from the chair he was sitting in to see into the large foyer of the first floor, which our classroom is attached to from one side, and claimed, "I have a good view from here if anything were to happen!" 
  • Of course this doesn't matter much. The other night-class in the building was for a nursing certification or something, located upstairs. We're the only ones that would immediately face any trouble if someone came to cause trouble. But the only real reason we have an armed guard at our campus is really because of vagrants that try to hide and sleep in empty classrooms. 
  • Zack didn't have us meet in Scrum Teams, he just started off with project day. He told us that we needed to do projects and instead of doing a highly organized approach where there are mostly set projects for everyone to do and Doug would normally divvy them out and assign tickets and complete them and prioritize certain tickets over others for future potential project days, Zack just walked past Jack and myself, saying that we needed a Pi Hole virtual machine in Proxmox. I thought, oh, I know how to do both of those things. But I have never created a Pi Hole in a virtual machine before and thought that sounded more challenging. But before he moved on, I thought about the capacity of the Pi Hole to block certain sites, and because of some pranks that have been going on with the day-time IT class in our classroom, I had an idea.
  • I don't mean to get too carried away here, but for a long time now, at the two student computers in the far back right side of the room, next to one of the server cabinets in our classroom, where Jack likes to sit since our crop of students that came in August are now more advanced students and that is where the advanced students like to sit, on the right side of the classroom, which has a few computers that connect to the servers directly and do not run Deep Freeze. (Deep Freeze is a software that restores and protects the condition of a computer, so every time it boots, it reverts automatically to a predefined state. Nothing installed or loaded to that computer remains, not even added folders. Those changes are only in RAM, and then when the computer boots next, those changes are gone.) The fact that these are the only four computers at these two tables on the right side of the classroom that don't run Deep Freeze is also kind of crucial to the story. All other student computers run Deep Freeze and are located all along the left side of the classroom and this is where all the Fundamental students typically sit for the first month or so of class. 
  • After Jack moved away from the computers on the left with Deep Freeze and these annoying cardboard partitions between every computer, he started noticing this annoying Goose wallpaper or something, it might have been "Desktop Goose", which someone from the day class kept installing on both of the computers closest to the servers in the far back right side of the room, one of which Jack sat at. Desktop Goose in particular is a prank thing you can install to annoy your friends when they use that same computer. A goose will appear, leaving tracks across the screen, getting in the way of your work, and will track all over the screen and even steal the mouse pointer as it goes.
  • Jack got annoyed about a month ago and decided he wanted to retaliate. This prank could only be done on this computer because it's one of the few that doesn't use Deep Freeze and this also means that whatever prank Jack decides to use will also remain after a fresh reboot. So he started researching scripts he could write in order to get back at the day students that kept reinstalling the Goose prank on the computer. He happened to tell Doug and me because he was proud of his invention, and so Doug also got creative. Jack installed his iteration of rebellion on the computer he always sat at, and the computer across from his had the same problem every day despite uninstalling it all the time, which caused Ronald to complain too. So Doug installed his punishment on the other computer.
  • Doug created a script that was devious even if I feel like initially, it doesn't seem to have that much teeth. But let me explain. About every ten or fifteen minutes, once Goose is installed, a window appears on the screen telling the user that they had just won a free cupholder, and the CD-ROM drive pops open. However, this is only where it gets started. He was really pleased with himself for doing the CD tray popping out every ten or fifteen minutes. Then this is where it gets super devious. If you try to uninstall it, there's nothing to uninstall. If you check the task scheduler, which he utilizes to create this attack, it's hidden and renamed as a required system file that no one would want to touch in case they bricked the computer, and if you still deleted it, it would simply reappear with the next reboot of the computer, it'll reinsert itself in Task Scheduler because of a hidden script that runs in PowerShell, which automatically runs at bootup, which is also renamed as an important system file, and so the computer doesn't get rid of it during an update or something, he has hidden it in one of the system folders for the Edge Browser, because that is one thing Windows refuses to get rid of. And so if you mess with that folder, you will mess up the operating system and have to reinstall it so it will work properly again. This is due to Microsoft's intentional integration of Edge into the OS so it cannot be removed. And so this is turned into a useful mechanism that also protects his secret script that always runs at bootup. This is so deep in the computer, that no one would hope to ever actually uninstall his prank.
And when you thought that this could potentially mess with other students, such as Ronald, who uses that particular computer at night, no worry because this script and its subsequent Task Scheduler job are both set so it will only work between the hours of 12PM and 3PM, when the day-class, the only other class to use this classroom, will be using it. Points to Doug for being so devious and the potential to really demoralize the offending student. 
  • Jack created a script that I like that messes around less but it makes this prank immediately unthinkable with serious consequences. He created a task in Task Scheduler that launched the "Anti Goose" application every time the system started. He named it as a system file that no one would want to touch, called something with One Drive in the name.
  • Jack's script automatically and immediately shuts down the computer every time goose is typed on the keyboard. The script automatically runs at all times on the computer. See, since the student that keeps installing the Goose Prank is the only one that will likely type the word "goose" into the computer anywhere whatsoever, despite that this script runs twenty-four/seven on this computer, it would only ever affect the student that typed the word goose. So points for simplicity, but also points for getting to the point, which is why I like Jack's. Although they both win in my book. It's just that Jack's method seems to have a higher potential for visibility, like clearly if you keep trying to type goose on the keyboard whether you're typing it in a document or a Google search or even just typing letters while staring at the blank desktop, Jack's script will take immediate effect. In fact last night when Owen was about to shut down the computer for whatever reason, I think to fix a problem, Jack told him to just type goose instead of going through all the trouble to do it the traditional way. This script is so effective, that the offending student can't even attempt to successfully install the Goose Prank on Jack's computer.
  • So this happened about a month ago. We asked Doug what the likelihood was that this would get resolved by the day class and he said none. The instructor that runs the class is a good guy and Doug likes him, but he's not as advanced as Doug is because Doug is one of those guys that at his other job, he knows more than his supervisors. According to Doug, IT is a job where you can get cushy real easily and just do the same things all the time and never be challenged. Once you learn all the stuff they will need you to do most of the time, that's it, you're good, and you're not terribly likely to get fired because that business will have a sort of proprietary approach to how they do things so once you have learned that approach, they will always need you. But Doug is the guy that wants a challenge and so whenever there's a problem that comes up and no one else knows how to do it, he's the guy that they go to. It is sort of common at Doug's other job to hear the words: Oh, that's a Doug Problem. But as Doug outlines it, they see it as though they benefit because they can do all the stuff Doug doesn't want to do, and Doug does all the stuff they don't want to do. But the way Doug sees it is that he is constantly advancing his understanding and abilities which gives him a lot of fulfillment, but which coincidentally also gives him a lot of job security. 
  • I'd like to do what Doug can do, but Doug is sort of hard working all day every day and even works on his days off for fun. He has tons of IT projects he does at home. He wants to do a sort of room presence tracker that turns lights on according to what room is occupied and turns lights off in rooms that are not occupied. I told him it'd be funny if like in Harry Potter where the Weasley's have that clock in the kitchen that tells, not the time, but each hand of the clock will tell the location of a member of the family. So Arthur works at the Ministry and so when he steps in the fireplace and goes to the Ministry, the Arthur hand moved to "Ministry". When he comes home, his arm moves to "Home". And there are other locations such as Hogwarts and so on on this clock. I told Doug that he should do the same thing somehow and he joked back that as a joke, for a present to his wife for her birthday or something, he could just make a clock hand for her, and it only tracks her movements. "So you're going to add a Doug hand?" "Oh yes of course....one of these days." 
  • Doug actually created a cool Harry Potter themed Halloween IT project a few months ago where he 3D printed a wand with an IR (infrared) sprayer in the tip with a battery pack in the handle, and a Pi camera in his living room, and when you do one of four spells with the wand, it activates one of four things in the room. He has a player piano which he connected to a vacuum motor in his garage so when you flourish the wand in a certain shape, it activated the piano for like fifteen seconds and it played something Halloween themed. Another one lit up a cauldron with dry ice flowing out of it, and then there were two others. So he had to use a Pi camera to catch the video of what you do with the wand, and that transmits the video to his server in another room of his house, which is running a script in Python that he taught to recognize shapes made with the tip of the wand in IR from one frame to the next and activate a script to turn something on whenever it recognized the shape. It was really cool and it took him like a few weeks to figure out from scratch. Yes I know the Harry Potter theme park does this too, but Doug only used the idea, not the code or anything else. I went to his house and saw it in action and did it myself and it worked. It was really cool. But he's not a Harry Potter fan so this isn't something that he wants to do, his wife wanted to do it so he did it as a favor since she didn't know how.
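How an administrator could spot the kind of persistence described earlier (a scheduled task with a system-sounding name that launches a script kept in a system folder and comes back after deletion), as an added example that is not Doug's or Jack's script. The task export, task names, paths, authors and both heuristics are constructed assumptions for the demonstration.

```python
import csv
import io
import re

# Constructed sample shaped like `schtasks /query /fo CSV /v` output, trimmed to
# the columns used here. Task names, authors and script paths are made up.
SAMPLE_EXPORT = r'''"TaskName","Author","Task To Run"
"\Microsoft\Windows\Defrag\ScheduledDefrag","Microsoft Corporation","%windir%\system32\defrag.exe -c -h -o"
"\MicrosoftEdgeUpdateTaskMachineCore","N/A","C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe /c"
"TaskName","Author","Task To Run"
"\OneDrive Sync Helper","LAB\student","powershell.exe -File ""C:\Program Files (x86)\Microsoft\Edge\Application\helper.ps1"""
"\LabCleanup","LAB\admin","powershell.exe -File C:\Scripts\cleanup.ps1"
'''

# The program a task starts is a script interpreter rather than a vendor binary.
SCRIPT_HOST = re.compile(
    r'^"?(?:[^"\s]*\\)?(?:powershell|pwsh|cmd|wscript|cscript|mshta)(?:\.exe)?\b', re.I)
# Names that borrow a vendor's product name (heuristic, tune per environment).
VENDOR_NAME = re.compile(r"onedrive|edge|windows|microsoft", re.I)
# A script file passed to the interpreter.
SCRIPT_PATH = re.compile(r'[a-z]:\\[^"]+?\.(?:ps1|vbs|bat|cmd|js)\b', re.I)
PROTECTED_DIRS = ("\\program files", "\\windows\\")


def rows(export_text):
    """Yield task rows, skipping header lines the export may repeat."""
    for row in csv.DictReader(io.StringIO(export_text)):
        if row["TaskName"] != "TaskName":
            yield row


def audit(export_text):
    """Return (task, author, reasons) for script-host tasks that look disguised."""
    findings = []
    for row in rows(export_text):
        name, action = row["TaskName"], row["Task To Run"]
        if not SCRIPT_HOST.search(action.strip()):
            continue  # vendor updaters and plain executables are not examined here
        reasons = []
        if not name.lower().startswith("\\microsoft\\") and VENDOR_NAME.search(name):
            reasons.append("vendor-style name outside \\Microsoft\\")
        script = SCRIPT_PATH.search(action)
        if script and any(d in script.group(0).lower() for d in PROTECTED_DIRS):
            reasons.append("script stored under a protected system directory")
        if reasons:
            findings.append((name, row["Author"], reasons))
    return findings


def respawned(deleted_tasks, export_after_reboot):
    """Tasks that were deleted but exist again after a reboot: look for what re-creates them."""
    present = {row["TaskName"] for row in rows(export_after_reboot)}
    return sorted(set(deleted_tasks) & present)


if __name__ == "__main__":
    for task, author, reasons in audit(SAMPLE_EXPORT):
        print(task, "| author:", author, "|", "; ".join(reasons))
    print(respawned([r"\OneDrive Sync Helper"], SAMPLE_EXPORT))
```

A task that reappears after deletion means the task itself is not the root: the boot-time script that re-registers it has to be found and removed first.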

  • So Zack told me and Jack to make a Pi Hole on a Proxmox virtual machine. Jack liked the challenge of doing it on the server rather than one of the Pi's we had lying around the classroom. And so did I, so I was going to do something else to catch up on all my tasks, but I had to do this, which is turning out to be my downfall, every single time I go to class. Then Hector sat down next to Jack and joined in. There were actually some aspects to this that I had no clue how to do, and so we all played our own parts. I created the virtual machine and was going to install Ubuntu server too, but Jack beat me to the console and I got kicked out of the console, so I told him what command to type to install Pi Hole: "curl -sSL https://install.pi-hole.net | bash".
  • Jack is way faster than me so he had this done in a very short period of time. He didn't know at first what to do with all the questions that pop up throughout the installation process, but I told him most of the time you're just going to press yes or ok, like Doug told me four months ago multiple times. It worked. We weren't going to install a VPN like I did though because we only wanted this to act as our DNS server for this classroom. Which brings me to the prank I asked about doing when Zack gave us the task. 

  • I suddenly had an idea when Zack was casually assigning this task to me and Jack and as Hector walked up, I said, "Just for fun, wouldn't it be cool if we also configured the Pi Hole to block something on the network to give the day class a little grief? Not anything that is really intrusive, but just something minorly annoying." That's when Zack said the thing that might damn him. He said we could block Spotify, which Doug uses every class to play lo-fi music on the projector screen speaker all throughout class, which most of the time isn't annoying. But for me there is one song that comes up on his playlist that I find kind of annoying. We all jumped on it, yes, let's block Spotify from every computer in the classroom, and any computer that uses the IT student project server WIFI network called "HiddenNetwork". This is when Owen had walked in and started going on and on, which Josh joined in on, telling me about how you don't want to go to war with Doug. He will ruin your life. He vaguely told a brief story about how that's all they do at his other IT job, is they play IT pranks on each other, and Doug is the best one at it. He always comes out on top. We plowed ahead while I occasionally commented that we can just tell Doug that it was Zack's idea. They thought that I was actually worried but I didn't think Doug would do anything particularly bad to me.
  • Jack quickly figured out the installation process of Pi Hole and didn't need much of my help anymore, I only told him a few things he needed to do in order to do it. Once Jack gets going, he has a lot of motivation and doesn't get stuck on things for very long, as far as I can tell. And he works quickly. Sort of the opposite of me. I have determination to do these things before they start happening, like I really want to do that project and I just can't figure out how, so I need a lot more help along the way than he does and I work slower.
  • There were some server things that Hector was good at and so he did his part. I didn't understand the stuff he knew, but we all played an equal part in this way, so we all played our parts and were useful. I haven't had a team experience like that before. 
  • Then we had Pi Hole installed and they didn't know what to do after that and I told them how to access the Pi Hole interface, just like a router, and how to set it up and to give it a static IP address, although I don't know if this still applies if it's on a Proxmox server, which I would assume probably already has a static IP address, but maybe the DNS server somehow separately needs its address statically created or something. Then I told them how to add the Blocklist Project from GitHub to the Pi Hole. They added a couple, but the only one we really needed was for blocking ads, and this project had all sorts of different blockers for Adobe, smart TVs, vaping, ransomware, pornography and so on. It wasn't blocking very much, I showed them how to test it, and so we were sort of confused why it wasn't blocking anything. I explained that in this classroom, people probably weren't doing that much, which required blocking, since we were all focused on projects. It's not like we were all surfing the internet or something. Some were working on server racks, others were installing things in the Linux CLI, others were working on hardware, so I didn't think there'd be much blocking happening. But then Jack went back to GitHub for the Blocklist Project and found a content blocker that simply blocked everything Blocklist Project could block, altogether in one adlist. Suddenly it was working real well and blocked tons of stuff. I was afraid that because I was instructed to give the virtual machine for this project one gigabyte of RAM, that it might not be able to handle such a large adlist and searches online would get bogged down. But this didn't happen.
  • In the middle of my worry that I had not given the virtual machine enough RAM, I tried to see if I could upgrade it during usage or maybe after usage. I asked them if they could stop using the machine for a minute so I could change it. But then I started having problems. I went back to Proxmox on my laptop, which was still open from before, and I tried to test a theory I had about the RAM as well as the virtual ethernet for the virtual machine, and when I clicked on the option to add a machine, the window appeared but two fields that were usually automatically filled, were not filled, and I tried to name the device real quick and move on but it wouldn't advance to the next tab to continue setting up the new virtual machine. It said that the two empty fields needed to be filled. I clicked on them and one of them automatically filled, and then the other caused everything to freeze and a wheel spun endlessly.
  • Then we got stuck on how to block Spotify. Jack tried typing Spotify.com into the Adlist window and adding it to the list of adlists. I thought that this was fruitless because the adlists were basically scripts that included all sorts of things, a lot of data that was used to block queries. He then asked Zack why this wasn't working. They kept navigating to Spotify and it was still working. Jack tried a few things.
  • But I had heard just a week earlier from Doug that if there was network traffic from my smart LG air conditioner that tried to update and cause me trouble, then I could just go to the logs in the Pi Hole interface and watch for any traffic from my AC to the internet and then block those. I tried for ten minutes to tell Jack and Hector and Zack about this, and for some reason they ignored me every time. So finally I got their attention one more time before they disregarded my idea to check the logs, and I asked them to do me a favor real quick and click on this one log on the interface.

  • I had just looked this up. I clicked on it while they were trying other things and tested it by navigating to Spotify on my laptop.

  • Spotify showed up, and very handily, there was a block button all the way to the right of it. I asked them to navigate to this as a favor and look at this log, and then navigate to Spotify real quick because it showed up on my laptop for my own VPN network from my server at home. It should work the same here. It worked. Jack intuitively pressed the block button and Spotify was blocked. We tested it on our computer, we tested it on Doug's computer, and it still worked. The trick to this however, since it wasn't working on all computers, was that if a computer on the HiddenNetwork had another DNS server set up to resolve domain names for it other than our Pi Hole, then this wouldn't work. All computers on the network, including WIFI, will use the Pi Hole automatically unless they are configured in settings to use another. 
  • And there was one other rub. Typically, Doug's computer runs off of the Staff WIFI network, and so this computer would have to be set beforehand to use HiddenNetwork. But usually this isn't something that someone checks when they load up the computer and start using it, they would only check this if something was wrong with the network or internet because they were trying to do something and it wasn't working. Zack said that he could make sure it stays set to Hidden Network for us. 
  • I had the idea of leaving a post-it note on his desk saying if something was wrong, just ask Christian, Jack or Hector. I had just realized that Doug had access to my VPN on his personal laptop in case there was a problem that needed to be troubleshooted. But I know a way to cut off his VPN access. I could navigate to my server and type "pivpn" followed by something like "-l" for list or something like that, and then "-d" or something like that to disable one of the entries in the list. 
  • I went to do something else and there were problems. I was supposed to still be connected to the HiddenNetwork, and I went to check with Zack's curiosity, and for some reason my laptop had automatically switched back to the student WIFI. So I switched back to Hidden Network. This not only fixed my current problem, but I thought I'd go back to Proxmox to see if I could now create a virtual machine without problems, and I could. The two empty fields were automatically filled like before and the process was opened right up for me. Zack was curious about that too and sounded according to his observation of the discovery.
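Why typing a domain into the Adlist field did nothing while the block button in the query log worked, and why computers pointed at a different DNS server were unaffected, shown as an added example: a simplified model written for this page, not Pi-hole's code or the classroom configuration. The IP addresses, the sample list and the "open.spotify.com" hostname are assumptions chosen for the demonstration.

```python
import re
from urllib.parse import urlparse

PIHOLE_IP = "192.0.2.53"  # constructed address standing in for the Pi-hole VM

# Constructed sample of what an adlist URL serves (hosts-style and bare domains).
SAMPLE_ADLIST_BODY = """\
# constructed sample, not a real blocklist
0.0.0.0 ads.example.net
0.0.0.0 tracker.example.org   # inline comment
metrics.example.com
"""


def is_adlist_url(entry):
    """The Adlist field expects the URL of a list, not a domain to block."""
    parsed = urlparse(entry.strip())
    return parsed.scheme in ("http", "https") and bool(parsed.netloc)


def parse_adlist(body):
    """Return the domains contained in a downloaded list."""
    domains = set()
    for line in body.splitlines():
        fields = line.split("#", 1)[0].split()
        if fields:
            domains.add(fields[-1].lower())  # last field is the domain
    return domains


class DnsFilter:
    """Simplified decision logic: exact deny entries, adlist domains, regex deny."""

    def __init__(self, adlist_domains, exact_deny=(), regex_deny=()):
        self.adlist = set(adlist_domains)
        self.exact = {d.lower() for d in exact_deny}
        self.regex = [re.compile(p) for p in regex_deny]

    def decide(self, qname):
        name = qname.rstrip(".").lower()
        if name in self.exact:
            return "blocked (exact)"
        if name in self.adlist:
            return "blocked (adlist)"
        if any(rx.search(name) for rx in self.regex):
            return "blocked (regex)"
        return "allowed"


def answer(client_dns, dns_filter, qname):
    """Only queries that actually reach the Pi-hole can be filtered."""
    if client_dns != PIHOLE_IP:
        return "allowed (resolver bypasses Pi-hole)"
    return dns_filter.decide(qname)


adlist = parse_adlist(SAMPLE_ADLIST_BODY)
# What a single click on the log's block button amounts to: one exact entry.
exact_only = DnsFilter(adlist, exact_deny=["spotify.com"])
# The same entry plus a wildcard-style regex that also covers subdomains.
with_wildcard = DnsFilter(adlist, exact_deny=["spotify.com"],
                          regex_deny=[r"(\.|^)spotify\.com$"])

if __name__ == "__main__":
    print("Adlist field accepts 'Spotify.com':", is_adlist_url("Spotify.com"))
    for q in ("spotify.com", "open.spotify.com", "ads.example.net"):
        print(q, "|", answer(PIHOLE_IP, exact_only, q),
              "|", answer(PIHOLE_IP, with_wildcard, q))
    print(answer("192.0.2.1", with_wildcard, "open.spotify.com"))
```

An exact entry covers only the hostname that appeared in the log, so other hostnames under the same domain need their own entries or a wildcard rule.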
This has been Truncat3d 00000000111100010100110______________end of line
