kiwiki

From IRC: "12/4 13:10:27 superteece> unless you're on a contract with a scope that allows you to take such action you should not. 12/4 13:11:10 superteece> "ethical hacking" is simply hacking with the owner's permission" Now, I'm not going to do anything without permission, and I plan on asking the adminstration to allow me to demonstrate the scope of this vulnerability. I'm preparing a Kali USB, as well as looking into creating a linux image that simply displays: "Fix me" on the screen.

My local community college has hundreds of computers with no lockdown on the BIOS. Not only do they not have BIOS passwords, they also have a network bootable image with no root password. I've already brought this to their attention, via a phone call, but I'm not sure they're going to do anything about it. I go back tomorrow, and I want to see if they have fixed the problem or not. If they haven't I want to do something to show them it's a major (I feel like it's a major problem, but I've only just started in the world of pen testing) problem. I'm aware I could just wipe the drives and leave it, but that's damaging and I don't want to get in any legal trouble. What should I do?