Hack @ School

[wthpr0]

So i did an ARP-posning attack on one of my schools networks. There are 3 wireless and one wired, I did it on one of the wireless networks. Fires i started doing it for like 10 secs just to get some facebook-accounts for fun but now when we are in our final days at school i thought i would crack it up a bit so this is what I did:

First ju have to know that it's a tradition on my school that in the final days everyone who's in there third year are shooting water at the younger people. But we always get in conflict with the teachers so this is what i did:

As usaully i did an arp-spoofing attack, BUT this time I did it on the whole guest network it's a /20 and a lot of people are using it since we have problems with the other "school network". Ok, so, after i started the attack I change an iptable rule so that all TCP traffic going throw my computer would be pointed to it's address and then i put up a site on my computer saying:

"Everyone wants there water-guns back or else we will take down the other networks" (yes we could do this, even with the wired network). I had this up for like 4-5 hours (11-15).

now to my problem:

I'm the only one in school capable of doing this so the network admin prity much know it's me but he has to prove it. What i did you protect my self was this: Before i started the hack i logged on to the wireless network(everyone in school has there own login) then i surfed around for like 30 min or so. After this i change my mac-adress without logging in with my login again (you have network access without it). The i put the computer i my locker and went home. When the teacher asked where i was my friends said i went home 20 min ago (20 min before the attack began). Later that say after everyone went home i went in and to the computer. Now i have removed the Linux partition from the hard disk and there is only windows on it (I know that the network admin knows that it was a Linux computer that did it).

do you think he can take me ?

[digip]

Sure. In fact, we just turned you in and gave them your IP address and showed them this post. Have a nice day.

[wthpr0]

Sure. In fact, we just turned you in and gave them your IP address and showed them this post. Have a nice day.

1. Who are they, where am I from and what school is it ?

2. Sorry but you will only find an IP at amazon EC2

[Jamo]

Well now you have told everyone you have done it. Better hope, that your network admin doesn't read this forum.

Wel all he can see is that some mac address has been arp poisoning whole network. Actually if he knows that you had linux, but now it has disappeared it may ring a bell. You should install linux again. there will be no logs of what you've done.

And you can arp spoof with windows too.

[wthpr0]

Well now you have told everyone you have done it. Better hope, that your network admin doesn't read this forum.

Wel all he can see is that some mac address has been arp poisoning whole network. Actually if he knows that you had Linux, but now it has disappeared it may ring a bell. You should install Linux again. there will be no logs of what you've done.

And you can arp spoof with windows too.

Actually he doesn't know that I have Linux on my laptop just on an other computer. I need windows in school so I don't think that will raise a flag, tho he do knows that I like Linux.

[ihack2learn]

Not sure how your network admins watch your networks. I always acknowledge that there are ppl much smarter than me out there (as should you). Basically when I poke around a foreign network I always do it with a VM and a usb network card, that way it is just a disposable system that has been set up to be completely separate from my host computer.

[wthpr0]

Not sure how your network admins watch your networks. I always acknowledge that there are ppl much smarter than me out there (as should you). Basically when I poke around a foreign network I always do it with a VM and a usb network card, that way it is just a disposable system that has been set up to be completely separate from my host computer.

Yha problem is that you still have the mac-adress, tho that is changeable you have to remember to do it every time.

[Mr-Protocol]

Sounds like you are just some little punk kid trying to maliciously compromise a network. If it was my say I'd have your account here terminated and pray you get busted for your attacks.

[Infiltrator]

Dude moral of the story is that, what you did is wrong. You should never ever tell other people what you did to someone else's network. This doesn't only get you in trouble but if the network owner finds out, it was you you are in deep shit. You could get expelled and more prosecuted.

These sort of activities should only be attempted in your own home network.

[digip]

1. Who are they, where am I from and what school is it ?

2. Sorry but you will only find an IP at amazon EC2

You're in Sweden, Your website/server is in Ireland and hosts 3 domains. Your IP is...well, lets just say its somewhere in the x.x.x.x.bredband.tre.se range. You also go by the name Corally.

[Infiltrator]

You're in Sweden, Your website/server is in Ireland and hosts 3 domains. Your IP is...well, lets just say its somewhere in the x.x.x.x.bredband.tre.se range. You also go by the name Corally.

Interesting how did find the ops details?

[wthpr0]

http://twitter.com/#!/wthpr0

http://sourceforge.net/users/wthpr0

http://wthpr0.users.sourceforge.net/

http://sourceforge.net/projects/dagensdos/

http://www.wthpr0.net/

http://whois.domaintools.com/wthpr0.net

LOGS of you talking about this lmao

http://irclogs.ubuntu.com/2010/08/02/%23ubuntu.txt

You put fake info on your ICANN, so you will be losing that domain as I will be reporting it.

Don't do something stupid, go on a "hacking" forum then tell those people we know nothing about you.

EDIT

############################################

Domain: wthpr0.net
Submitted: Tue, 31 May 2011 20:16:06 PDT

############################################

WHOIS INFORMATION AS OF Tue, 31 May 2011 20:16:06 PDT

You must wait 10 seconds between queries.

############################################

PROBLEM REPORT

Registrant Data

Name:
No such person or entity

Comment:
Fake Name

Administrative Contact Data

Name:
No such person or entity

Comment:
Fake Name

Technical Contact Data

Name:
No such person or entity

Comment:
Fake Name

Registration Dates

Create Date:
Incorrect date

Comment:
Fake Name

############################################



Thank you for your help.

Best regards,

InterNIC Whois Data Problem Reports System 

Nicely done, I have to say :) sure report it i will have to change everything anyone now :( well well i guess I will have to get some breather security next time. cya... Oh btw you missed one nick and one server and the flashback thread about it ( guess i can't blame you, you can't find that with a google search since it was in a different nick) but otherwise it was nice :)... Maby not lets see what you have done: finding a domain in my own nick... hmm i guss anyone can do that?. Doing a search for other domains on the same ip http://www.robtex.com/ for example can do that. Ok. then you got my home ip... or at least the one on tre(a mobile carrier), that one i don't know how you did ? do you have admin access on the forum ?. (Maby you should check the date stamp on the irc log ? before saying that it's about this)

Ok so in summer it up you did a google search on WTHpr0, GREATS :D

OK so lets get back to the topic:

The all played out when i came back to the school next day and out network admin asked to talk to me, i thought he was mad, but i turns out that he like the would thing because he hate the people handling out network as well. So he thought this might get them to open there eyes. He also said that he could not prove that it was me and i never said to him that it was. Remember that everybody could still go on the Internet, the attack was not ment to be damage the network in anyway it was just a fun thing.

Edited June 1, 2011 by wthpr0

[digip]

Nicely done, I have to say :) sure report it i will have to change everything anyone now :( well well i guess I will have to get some breather security next time. cya... Oh btw you missed one nick and one server and the flashback thread about it ( guess i can't blame you, you can't find that with a google search since it was in a different nick) but otherwise it was nice :)... Maby not lets see what you have done: finding a domain in my own nick... hmm i guss anyone can do that?. Doing a search for other domains on the same ip http://www.robtex.com/ for example can do that. Ok. then you got my home ip... or at least the one on tre(a mobile carrier), that one i don't know how you did ? do you have admin access on the forum ?. (Maby you should check the date stamp on the irc log ? before saying that it's about this)

Ok so in summer it up you did a google search on WTHpr0, GREATS :D

By the way, we don't need to be admins on the board to get your IP and ISP. You logged into many places without shielding your real IP. Even your proxy, existenz, is leaking information about your surfing habits. Sometimes all you have to do is feed the trolls... (Sweden Hi3g Access Ab) 109.58.250.x

I see you like to look at a lot of freaks and porn too, while at school! Freak of the day, Chinese women with deformed feet, break.com animal videos? What kind of fetishes are you into?

[wthpr0]

By the way, we don't need to be admins on the board to get your IP and ISP. You logged into many places without shielding your real IP. Even your proxy, existenz, is leaking information about your surfing habits. Sometimes all you have to do is feed the trolls... (Sweden Hi3g Access Ab) 109.58.250.x

I see you like to look at a lot of freaks and porn too, while at school! Freak of the day, Chinese women with deformed feet, break.com animal videos? What kind of fetishes are you into?

that Existenz thing is for ppl @ school becuse they closed dose existenz.se for us so what you see there is not what i look at it's just a website existenz.se (this site has alot of feaking things on it) and btw that ip changes every day because of how the mobil network functions in Sweden (don't know if it's like that in other countrys). tho i have a land line as well, have you found that yet?. I don't know where you think you are getting the information from about my surfing habits, do you mean all the links on existenz.se :o ?. I guess you have seen that existenz.wthpr0.net is block for all ips except my schools so you have to have gone to existenz.se and thought that was my surfing habits :o ?

Edited June 1, 2011 by wthpr0

[digip]

No. I have not been to existenz.se. It seems your existenz.wthpr0.net leaves its exit url on the sites it visits, most likely because Chrome doesn't block the referrer url on sites you visit, adn the sites you visited have analytics, which harvests all users who visit them, and the referring url. By association in this manner, it seems google is indexing the sites visited by your proxy, and you can click the "cached" link from existenz.wthpr0.net to see which sites were visted via the proxy exit url.

For example - http://existenz.wthpr0.net/out.php?id=34672 reads "This site is only meant to be used in school", but if I go to http://bit.ly/im9ioF I can see you visited something referencing "Penis".

[Mr-Protocol]

Requested for this thread to be locked...

[Sparda]

Nothing useful here...