So you have the password

[FinalWhiteDove]

Hi, I'm new here and wanted to say before I post this that I really enjoy the show and understand that it is not The n00bs guide on how to hack.

However, that being said, I have recently 'aquired' an admin password for local logging in on a rather large network of PCs and I was wondering. What the hell do I do with it?

And also, if it turns out to be the password for all of the computers and systems on the network, should I do anything then?

-FWD

[cooper]

Well, typically the fun is more in the acquiring and/or bypassing the security that required that password in the first place.

Still, now that you have it, what you can do depends entirely on the network you're on, what else is on there, and what your interests are. If you're feeling malicious, you could wipe some machines, but you can rest assured they will be aware of the intrusion quite quickly.

If there's a machine on the network that holds some interesting stuff (financial records, grades, internal website) you can head over to them and see if there's something interesting that you can do there.

Last but most certainly not least, you could approach an admin and explain how you came by the password. If it's something clumsy like they put it in a world-readable file or form someplace, just head up to one and say "Hey, I've been looking at this thing here, and I was wondering what this string is supposed to mean". If it's because you've been sneaky by looking over their shoulder or using a keylogger of sorts to get to the password, you're better off not telling anyone since the acquisition was illegal and they'll assume you've used this elevated privillege for personal gain. If this is school, we're talking anything from detention to expulsion. In business you're facing termination and possibly some words with a law enforcement officer.

The most important thing to do at this point however:

DON'T BRAG TO *ANYONE* ABOUT IT!

Don't use the privillege to render services to others or make modifications that will obviously lead back to you (give yourself an A when you actually got an F, deface the internal website using a nickname that at least a few people around you know to be you).

I once hacked into a webmailing website. Played around a bit, looking through people's email for interesting stuff, got bored with it and then used the site to send an email from the account of the sys admin to both the admin and the owner explaining the problem with their website, and how it could be used to get access to machines beyond their control (they were holding on to passwords for external servers, and pre-filling forms with this info. View->Source and you had access to another system). They fixed the problem within a day, and I haven't heared from them since. The company in question went belly-up shortly after the bubble burst, so I'm not too worried about this one.

[FinalWhiteDove]

You're right in the fact that 'acquiring' the password was the fun part.

I'm not a malicious person, I have always deemed myself to be a white hat rather than a grey or black hat, although how I got the password could be considered rather script kiddyish.

The network which I am talking about is pretty insecure (at least the machines are). I mean, you should see the amount of crap people have installed and the amount of spyware etc that is on there.

That I guess is why I wanted the password in the first place, as the Administrators and Tech people here aren't exactly the most knowledgable people about the fascinating world of computers and other technology. They don't bother putting adiquate security in place, I mean the Mac was pretty easy to get into and become an administrator on, but all I do on that is to make sure that it is up to date, so you can see quite clearly what my goals are when I 'Hack'.

Also, please don't flame me but I am afraid that I WAS quite STUPID and did tell alot of my close 'Friends', I don't know what it is but I get really easily excited about these kinda things. So yeah, I told them but I only told the ones that I trusted that I have the unecrypted password. However, as I stated before, I would NOT ever use the network for my advantage or to gain my friend's advantages.

That was very nice of you, I wish more people would do this kind of thing rather than the malicious type of cracking/hacking. I mean I would crack into something (when I acquire the knowledge on how to do it) to gain knowledge and information but I would not neccesarily use this knowledge, just knowing it and maybe passing along the way I got in to the proper people, if I felt brave enough.

Anyway enough rambling, thank you for all your help.

-FWD

[anyedie]

since you already told people i dont think its a good idea to do anything too playful, maybe just some info gathering and then leave it alone or turn it in to the admin... because if you do something bad then it will get around that you did it and you wont have a very good day. :)

[moonlit]

Welcome FinalWhiteDove to the forums.

Careful who you tell when you do anything in this vein...

Especially if they happen to go to the same college as you.

[tonysathre]

Well it depends on what type of network environment your on. Is it a domain with Active Directory or is it just a huge workgroup with mapped drives and local user accounts? If it is a domain, which it probably is if there are a lot of workstations, the first thing I would do is create a new domain admin account in AD so the admin doesn't notice that someone else has been using his account. Make sure you add it to the Domain Administrators Security Group. After that, there isn't anything you can't do.

Always make sure you clear the Event Viewer of your actions, but don't completely clear the logs.

[cooper]

Well, the big problem now is that since people know he has admin powers, whenever the shit hits the fan they will assume it was you, even if it wasn't. And if that rumour starts to spread you're gonna be fucked regardless.

My advice would be to lay low, tell people they changed the password or something so you can't get in anymore or some such, and try again in a month or two.

[FinalWhiteDove]

@ moonlit, who said that it was a college? ;) but I do appreciate your warning.

@ tonysathre, well I am not well versed in domains and networks. I know a little about Cisco but I don't know much about how windows or any other operating system interfaces, uses &/or controls a network. Guess it's time to FGI :)

All that I do know is that it runs on novell netware, time to FGI on that too!

Well, I do trust these people and I would never do anything NASTY or something that bought the network down etc. But just incase they do decide to look one day, I'd like to clarify where the event viewer is.

Is the event viewer in compmgmt.msc?

And since they run novell on their machines, is there any further logging that I should be aware of?

@Cooper, I know that it was extremely stupid of me and I'll have to train myself NOT to tell anyone in the future. I'll take your advice, thank you very much. Don't know if I'll be here then but if I am, I'll make sure that their network is secure and running as well as it can do.

Thank you to all of you!

-FWD

P.S. Sorry if I'm babling or not making much sense but I'm quite tired today.

[moonlit]

@ moonlit, who said that it was a college? ;) but I do appreciate your warning.

No-one... however, each time you post in this thread, you give away a little more each time... ;)

[melodic]

OMGZZZZZZ!!! LAWL j00 SH0ULD T0TALLY PWN TEH N3TWURK!!!!!! LAWL!!!!1111ONEONEONE

no seriously...behave young obi wan