Please try and break my database

Alright!

So, my current job is helping set up this database that will connect Kepral's patients with clinical studies. Lots of sensitive data. Needs to be airtight.

And I am never going to see my own screwups. Rest of the team might catch them, but still.

I have set up an extremely stripped down version filled with fake data in the wilds of the extranet. I want you to try and break it.

I swear to GOD that if this is a RUSE to send worm packages into my own systems than I am going to FREAK.

Fool me once, shame on that GODDAMN TURIAN ASSHOLE WHO PROMISED ME A FREE SUBSCRIPTION ON DEFRAGMENTING PROGRAMS. Fool me twice, I'M HUNTING YOUR SORRY ASS DOWN.

Break could have one of many meanings in this context. Which definition are you meaning here?

I'm told that I ought to stop doing free computer work for people who aren't kin. Don't testers usually get, you know, paid?

...except that statement of yours reads rather a lot like a challenge, which really makes me want to have a go at it, and you are Trex's friend...

By "airtight" do you mean "the typical hacker on the Extranet can't crack this thing" or do you mean "The Illuminated Primacy can't crack this thing?"

The server frontend uses an outdated version of Cherooke V9.11 which is vulnerable to CasDoS attacks. Go and get an update. Not a danger to the data as is, but it can bring the server to its knees and make it vulnerable for e.g. packet insertion.
(Method used: WHOIS ping of the EP address)

The ports 8891, 13425, 16643 and 10034 are open, yet they don't seem to be used for anything or even monitored. If you don't need them, close them.
(Method used: port scan script from popular hacker site)

You seem to use a variant of the semi-popular salarian Clairvoyant Database Suite (going by the WHOIS information) and... I have no idea how to go from here. I never had to do with it.
Give me a week and a half of reading and another week of preparation and scripting and I might come up with something, but for now I am stalled. I am sure Mekan and Raelon can whip up something faster. They are way better at cyber-warfare than I am.

I could use a more agressive approach with brute force VI-assisted breaching going through the vulnerable ports mentioned above but that would be the equivalent of using a sledgehammer to get into a cookie jar. And if your IDS VI (like e.g. Sn1ffer VI) isn't from the last decade it would set of all sorts of alarms.
And I don't have a rig powerful enough to go against citadel tech. I would be traced and found faster than I can say uh-oh.

I work for a drell rights charity.


First the one then aim for the other?

Time to update things!

....oh, it's the Cause card, well played, Kayana, well played...

Tell you what, here's the deal. You update it as far as you can yourself, get it to the "average hacker can't crack it" state and then I'll take a run at it.

And someone owes me. Take it yourself, or talk Trex into it, or whatever.

The system as is currently has a fault on port 64888, provided you have previously opened it to read your own input, it is possible to get the (still encrypted) input from other systems by inputting different user codes as they are used server-side. This is of little use without a method to decrypt the data, but unless you have developed or purchased unique encryption/decryption software, it may represent a security breach. My advice would be to adjust port security settings to only allow access after verification is given. Depending on volume it may be ideal to assign, as needed, one port to one user. I will continue trying to find security flaws, and just a cursory glance tells me that it is not AI-assistance proof, but that is extremely difficult to do anyway.

It's not like I'm making it up!

Give me a week to fix everything these guys found. And is it a good time to come see Trex? I think I can extend the chain of favours...

It's working because you're not making it up.

Unfortunately, right now, Trex is grounded.

Oh you fucking asshole this is fucking computer shit? Not actual breaking shit? Fuck.

Ruined my voiddamn day with this shit

Posting all my shit in red now so you can't see it