wthpr0 Posted May 31, 2011

So I did an ARP-poisoning attack on one of my school's networks. There are 3 wireless and one wired; I did it on one of the wireless networks. First I started doing it for like 10 secs just to get some Facebook accounts for fun, but now when we are in our final days at school I thought I would crank it up a bit, so this is what I did:

First you have to know that it's a tradition at my school that in the final days everyone who's in their third year shoots water at the younger people. But we always get in conflict with the teachers, so this is what I did:

As usual I did an ARP-spoofing attack, BUT this time I did it on the whole guest network; it's a /20 and a lot of people are using it since we have problems with the other "school network". OK, so, after I started the attack I changed an iptables rule so that all TCP traffic going through my computer would be pointed to its address, and then I put up a site on my computer saying: "Everyone wants their water guns back or else we will take down the other networks" (yes, we could do this, even with the wired network). I had this up for like 4-5 hours (11-15).

Now to my problem: I'm the only one in school capable of doing this, so the network admin pretty much knows it's me, but he has to prove it. What I did to protect myself was this: before I started the hack I logged on to the wireless network (everyone in school has their own login), then I surfed around for like 30 min or so. After this I changed my MAC address without logging in with my login again (you have network access without it). Then I put the computer in my locker and went home. When the teacher asked where I was, my friends said I went home 20 min ago (20 min before the attack began). Later that day, after everyone went home, I went in and to the computer.

Now I have removed the Linux partition from the hard disk and there is only Windows on it (I know that the network admin knows that it was a Linux computer that did it). Do you think he can take me?
digip Posted May 31, 2011

Sure. In fact, we just turned you in and gave them your IP address and showed them this post. Have a nice day.
wthpr0 (Author) Posted May 31, 2011

> Sure. In fact, we just turned you in and gave them your IP address and showed them this post. Have a nice day.

1. Who are they, where am I from and what school is it?
2. Sorry, but you will only find an IP at Amazon EC2.
Jamo Posted May 31, 2011

Well, now you have told everyone you have done it. Better hope that your network admin doesn't read this forum. Well, all he can see is that some MAC address has been ARP poisoning the whole network. Actually, if he knows that you had Linux but now it has disappeared, it may ring a bell. You should install Linux again. There will be no logs of what you've done. And you can ARP spoof with Windows too.
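What the admin side of this can look like, as an added example that is not part of any post in this thread: a small detector run over constructed ARP-reply observations, which ends up naming a MAC address as Jamo describes. The function name `detect_arp_poisoning`, the addresses, the known-good gateway binding and the thresholds are all assumptions made for the example.

```python
from collections import defaultdict, deque

# Constructed sample: (seconds, IP, MAC) from ARP replies seen by a sensor on
# the guest network. Every address here is made up for the example.
GATEWAY = ("10.20.0.1", "00:11:22:33:44:55")   # known-good binding (assumed)
OBSERVATIONS = [
    (0,  "10.20.0.1",  "00:11:22:33:44:55"),
    (5,  "10.20.3.17", "aa:aa:aa:00:00:17"),
    (9,  "10.20.7.80", "aa:aa:aa:00:00:80"),
    (60, "10.20.0.1",  "02:DE:AD:BE:EF:01"),   # gateway IP answered by a new MAC
    (61, "10.20.3.17", "02:de:ad:be:ef:01"),
    (62, "10.20.7.80", "02:de:ad:be:ef:01"),
    (63, "10.20.9.4",  "02:de:ad:be:ef:01"),
    (70, "10.20.3.17", "aa:aa:aa:00:00:17"),   # the real host is still replying
]


def detect_arp_poisoning(observations, gateway, max_ips=2, window=30):
    """Flag MACs that answer for the gateway, IPs claimed by several MACs, and
    MACs claiming more than max_ips addresses within window seconds."""
    gw_ip, gw_mac = gateway[0], gateway[1].lower()
    macs_by_ip = defaultdict(set)
    recent = defaultdict(deque)        # mac -> (ts, ip) pairs inside the window
    peak = defaultdict(int)            # mac -> most IPs claimed in any window
    impersonators = set()

    for ts, ip, mac in sorted(observations):
        mac = mac.lower()              # MAC notation is case-insensitive
        macs_by_ip[ip].add(mac)
        if ip == gw_ip and mac != gw_mac:
            impersonators.add(mac)
        q = recent[mac]
        q.append((ts, ip))
        while ts - q[0][0] > window:   # drop claims older than the window
            q.popleft()
        peak[mac] = max(peak[mac], len({claimed for _, claimed in q}))

    return {
        "gateway_impersonators": sorted(impersonators),
        "conflicting_ips": {ip: sorted(m) for ip, m in sorted(macs_by_ip.items())
                            if len(m) > 1},
        "mass_claimers": {m: n for m, n in sorted(peak.items()) if n > max_ips},
    }


if __name__ == "__main__":
    for key, value in detect_arp_poisoning(OBSERVATIONS, GATEWAY).items():
        print(key, value)
```

The `max_ips` threshold exists because a router doing proxy ARP or a multi-homed host can legitimately answer for more than one address.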
wthpr0 (Author) Posted May 31, 2011

> Well, now you have told everyone you have done it. Better hope that your network admin doesn't read this forum. Well, all he can see is that some MAC address has been ARP poisoning the whole network. Actually, if he knows that you had Linux but now it has disappeared, it may ring a bell. You should install Linux again. There will be no logs of what you've done. And you can ARP spoof with Windows too.

Actually he doesn't know that I have Linux on my laptop, just on another computer. I need Windows in school so I don't think that will raise a flag, though he does know that I like Linux.
ihack2learn Posted May 31, 2011

Not sure how your network admins watch your networks. I always acknowledge that there are ppl much smarter than me out there (as should you). Basically, when I poke around a foreign network I always do it with a VM and a USB network card; that way it is just a disposable system that has been set up to be completely separate from my host computer.
wthpr0 (Author) Posted May 31, 2011

> Not sure how your network admins watch your networks. I always acknowledge that there are ppl much smarter than me out there (as should you). Basically, when I poke around a foreign network I always do it with a VM and a USB network card; that way it is just a disposable system that has been set up to be completely separate from my host computer.

Yeah, the problem is that you still have the MAC address; though that is changeable, you have to remember to do it every time.
Mr-Protocol Posted May 31, 2011

Sounds like you are just some little punk kid trying to maliciously compromise a network. If it was my say I'd have your account here terminated and pray you get busted for your attacks.
Infiltrator Posted May 31, 2011

Dude, the moral of the story is that what you did is wrong. You should never ever tell other people what you did to someone else's network. This doesn't only get you in trouble, but if the network owner finds out it was you, you are in deep shit. You could get expelled and, what's more, prosecuted. These sorts of activities should only be attempted on your own home network.
digip Posted May 31, 2011

> 1. Who are they, where am I from and what school is it?
> 2. Sorry, but you will only find an IP at Amazon EC2.

You're in Sweden. Your website/server is in Ireland and hosts 3 domains. Your IP is... well, let's just say it's somewhere in the x.x.x.x.bredband.tre.se range. You also go by the name Corally.
Infiltrator Posted June 1, 2011

> You're in Sweden. Your website/server is in Ireland and hosts 3 domains. Your IP is... well, let's just say it's somewhere in the x.x.x.x.bredband.tre.se range. You also go by the name Corally.

Interesting, how did you find the OP's details?
wthpr0 (Author) Posted June 1, 2011 (edited)

> http://twitter.com/#!/wthpr0
> http://sourceforge.net/users/wthpr0
> http://wthpr0.users.sourceforge.net/
> http://sourceforge.net/projects/dagensdos/
> http://www.wthpr0.net/
> http://whois.domaintools.com/wthpr0.net
>
> LOGS of you talking about this lmao
> http://irclogs.ubuntu.com/2010/08/02/%23ubuntu.txt
>
> You put fake info on your ICANN, so you will be losing that domain as I will be reporting it.
>
> Don't do something stupid, go on a "hacking" forum then tell those people we know nothing about you.
>
> EDIT
> ############################################
> Domain: wthpr0.net
> Submitted: Tue, 31 May 2011 20:16:06 PDT
> ############################################
> WHOIS INFORMATION AS OF Tue, 31 May 2011 20:16:06 PDT
> You must wait 10 seconds between queries.
> ############################################
> PROBLEM REPORT
> Registrant Data
> Name: No such person or entity
> Comment: Fake Name
> Administrative Contact Data
> Name: No such person or entity
> Comment: Fake Name
> Technical Contact Data
> Name: No such person or entity
> Comment: Fake Name
> Registration Dates
> Create Date: Incorrect date
> Comment: Fake Name
> ############################################
> Thank you for your help.
> Best regards,
> InterNIC Whois Data Problem Reports System

Nicely done, I have to say :) Sure, report it, I will have to change everything anyway now :( Well well, I guess I will have to get some better security next time. Cya...

Oh, btw, you missed one nick and one server and the Flashback thread about it (guess I can't blame you, you can't find that with a Google search since it was under a different nick), but otherwise it was nice :)...

Maybe not, let's see what you have done: finding a domain in my own nick... hmm, I guess anyone can do that? Doing a search for other domains on the same IP, http://www.robtex.com/ for example can do that. OK, then you got my home IP... or at least the one on Tre (a mobile carrier); that one I don't know how you did. Do you have admin access on the forum? (Maybe you should check the date stamp on the IRC log before saying that it's about this.)

OK, so to sum it up, you did a Google search on WTHpr0, GREATS :D

OK, so let's get back to the topic: it all played out when I came back to the school the next day and our network admin asked to talk to me. I thought he was mad, but it turns out that he liked the whole thing because he hates the people handling our network as well. So he thought this might get them to open their eyes. He also said that he could not prove that it was me, and I never said to him that it was. Remember that everybody could still go on the Internet; the attack was not meant to damage the network in any way, it was just a fun thing.

Edited June 1, 2011 by wthpr0
digip Posted June 1, 2011

> Nicely done, I have to say :) Sure, report it, I will have to change everything anyway now :( Well well, I guess I will have to get some better security next time. Cya...
>
> Oh, btw, you missed one nick and one server and the Flashback thread about it (guess I can't blame you, you can't find that with a Google search since it was under a different nick), but otherwise it was nice :)...
>
> Maybe not, let's see what you have done: finding a domain in my own nick... hmm, I guess anyone can do that? Doing a search for other domains on the same IP, http://www.robtex.com/ for example can do that. OK, then you got my home IP... or at least the one on Tre (a mobile carrier); that one I don't know how you did. Do you have admin access on the forum? (Maybe you should check the date stamp on the IRC log before saying that it's about this.)
>
> OK, so to sum it up, you did a Google search on WTHpr0, GREATS :D

By the way, we don't need to be admins on the board to get your IP and ISP. You logged into many places without shielding your real IP. Even your proxy, existenz, is leaking information about your surfing habits. Sometimes all you have to do is feed the trolls...

(Sweden Hi3g Access Ab) 109.58.250.x

I see you like to look at a lot of freaks and porn too, while at school! Freak of the day, Chinese women with deformed feet, break.com animal videos? What kind of fetishes are you into?
wthpr0 (Author) Posted June 1, 2011 (edited)

> By the way, we don't need to be admins on the board to get your IP and ISP. You logged into many places without shielding your real IP. Even your proxy, existenz, is leaking information about your surfing habits. Sometimes all you have to do is feed the trolls...
>
> (Sweden Hi3g Access Ab) 109.58.250.x
>
> I see you like to look at a lot of freaks and porn too, while at school! Freak of the day, Chinese women with deformed feet, break.com animal videos? What kind of fetishes are you into?

That Existenz thing is for ppl @ school because they closed down existenz.se for us, so what you see there is not what I look at, it's just a website, existenz.se (this site has a lot of freaking things on it). And btw, that IP changes every day because of how the mobile network functions in Sweden (don't know if it's like that in other countries), though I have a land line as well, have you found that yet?

I don't know where you think you are getting the information from about my surfing habits, do you mean all the links on existenz.se :o ? I guess you have seen that existenz.wthpr0.net is blocked for all IPs except my school's, so you have to have gone to existenz.se and thought that was my surfing habits :o ?

Edited June 1, 2011 by wthpr0
digip Posted June 1, 2011

No. I have not been to existenz.se. It seems your existenz.wthpr0.net leaves its exit URL on the sites it visits, most likely because Chrome doesn't block the referrer URL on sites you visit, and the sites you visited have analytics, which harvests all users who visit them, and the referring URL. By association in this manner, it seems Google is indexing the sites visited by your proxy, and you can click the "cached" link from existenz.wthpr0.net to see which sites were visited via the proxy exit URL.

For example - http://existenz.wthpr0.net/out.php?id=34672 reads "This site is only meant to be used in school", but if I go to http://bit.ly/im9ioF I can see you visited something referencing "Penis".
Mr-Protocol Posted June 1, 2011

Requested for this thread to be locked...
Sparda Posted June 1, 2011

Nothing useful here...