Jump to content

Student Claims To Have Hacked Our Network


XaVi3r

Recommended Posts

Check the logs for your samba server. See if you can find any connection that isn't 'normal'. Just guessing isn't going to get you anywhere and always remember that just because a student said he can get access to sensative files doesn't mean he/she actually did. It would be nice if you knew the exact time or at least what day the student accessed the shares, that would give you a smaller range in which to look for the access. Because if the share is misconfigured and he accessed it with his account, his account would still show up in the access logs... I think.

Aside:

You can't always rule out access to the command line just because you blocked access to it. Back when I was in high school they used AD for authentication and deep freeze. I was able to gain local admin on any machine by running a .bat file from within a .zip.

1.) create a txt file with the following.

@echo off

command.com

2.) save it as mycmd.bat

3.) create a zip file and copy mycmd.bat into the zip file

4.) open the zip file and run mycmd.bat

5.) you should now have a command prompt at C:\Windows\system32

6.) run: 'control userpasswords2'

7.) you can now change the password of any admin account, along with creating a new account for your self. This account survives a reboot.

8.) reboot and login as admin.

This is what you get when your networking teacher doesn't teach anything. Bored students who want to have a little fun.

Link to comment
Share on other sites

  • 4 weeks later...

Is the local Admininstrator account password protected? Are all machines protected from use of konboot/ophcrack, etc?

Yes the Local Administrator Accouunt is enabled or disabled in the Group policy ? If he gets the local admin also there is a possiblity fr him to do anything , And as welll as if u have backed up the NTDS.DIT and SYSVOL Folder ?

If yes restore it thats the good way to go

press f8>Active directory restore mode(Domain controllers) restore it ,

coz there may me cumulative rights have applied to any shares that get looped and resulted doesnt work anymore

Am just wondering why no one sugggested to change his Server Administrator Password , First do that bro ..! and get any IPS/IDS Software to check for any malicious incoming from outsiders...!

it jus mi view and other folks has a right point in thier suspect.. ! it alll give u buncha ideas that u can go for defending ur network .. !

If the Kid is tryina Access ur shared drive which has Tax Informations he may try use the SMB or Netbios to access the shares..! if u see any logs in the IDS blocks the KIddo IP adddress Or create a new policy in ur firewall to defend him outside the network.. !!

Let me kno wat happened , wat u have done . telll us , share with us

Link to comment
Share on other sites

I really have no idea what you're talking about. You're upset a minor found a gaping security flaw and reported it to what he felt was the authority in control. This has nothing to do with protocols and rewards. As far as I'm concerned, the student followed the "protocol" assumed in a school environment.

You're more than welcome to think how the world works, but I'll tell you someone is always going to think of a better way a better and more efficent way to do something. You can either accept that or become irrelevant. This kid reported the problem. Talk with him, thank him, and fix the problem.

Did you slapped him?

Oh alright, Gotcha ..!!

u r making him the things to understand , U have a valid point bro and i agree with u !!

And i understand this doesnt mean anything between our geeks , its jus tha hot and cool conversation i should say ..!!

hak5 is tha best

Link to comment
Share on other sites

OP has had 3 posts, 2 of which seem to have been deleted(or dropped from database backup,who knows). Isn't it funny how this thread keeps growing though, when the original OP has yet to reply to anything? Maybe time to lock it, the conversation is going nowhere with no answer or feedback from the original poster, nor has he/she logged on since the day they made this post.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...