Jump to content

bypassing school proxy help!


reklescreations

Recommended Posts

Hey ill give you a brief overview of my schools network

they use their own proxy (http) over here in australia so its really hard

i have disabled the firewall on the computers and i have setup up a ssh tunnel server on my computer

i tried to connect to it not from school to test it it works fine but when i try it in school

i use putty right i enter my schools proxy info my info my server runs on port 63874 cause my school most def blocks port 22

but when i ssh tunnel into it i get connection refused :( sorry for the long read but i can't work out what i did wrong any help would be sick.

Edited by reklescreations
Link to comment
Share on other sites

Ask your school for permission, or don't mess with it. Want help, don't post publicly in the forums for it when you're modifying equipment at school thats not yours.

Head to IRC or such, or you should have rephrased your question, such as "having trouble SSH'ing into my network with such and such issue...".

Not to be a downer, but we generally frown upon hacking school(or work) computers to bypass things meant to protect the internal network, so unless its merely educational information, doing what you did is not cool, and could also land you in hot water with the school or local laws in your neck of the woods.

One of the rules of the forums also states, don't ask how to hack your school. The fact you disabled firewalls on school computers, already goes past the point of the rules. Not to preach, but a problem you might want to research a bit differently, or talk to your schools IT guy,and ask permission to reach whatever it is you need access too. Remoting in from home, not cool, on machines you don't own, and you dropped the firewall on, which puts the schools computers at risk, if I read your post correctly...

Link to comment
Share on other sites

I'm not sure if your school is the same or not but mine is running packet inspection and kills all outgoing ssh traffic. To get past this I setup an openvpn server at my house and gain ssh access to my server that way. Just find out what your school isnt blocking and use it, I've even heard of people piggyback their ssh traffic on http. If there is a will there is a way. Don't get in trouble though as I have learned admins don't understand anything and you will get suspended even for not causing any harm.

Link to comment
Share on other sites

Use teamviewer to connect to a computer on your own network, it's kindof a half-assed way to do it but it works pretty much everywhere.

Edited by computerguy241
Link to comment
Share on other sites

I'm not sure if your school is the same or not but mine is running packet inspection and kills all outgoing ssh traffic. To get past this I setup an openvpn server at my house and gain ssh access to my server that way. Just find out what your school isnt blocking and use it, I've even heard of people piggyback their ssh traffic on http. If there is a will there is a way. Don't get in trouble though as I have learned admins don't understand anything and you will get suspended even for not causing any harm.

Not to mention, you should be able to reach things, without having to modify or drop the firewall on the schools equipment. Like computerguy241 mentioned, teamviewer works a treat too, and doesn't require port forwarding, but it may be blocked by the schools proxy, which if that is the case, ask before going the route of messing with computers you don't own. Its not worth getting expelled, or in some cases, arrested depending on how ridiculous the schools policies are and laws in your area of the world...

Edited by digip
Link to comment
Share on other sites

I'm not sure if your school is the same or not but mine is running packet inspection and kills all outgoing ssh traffic. To get past this I setup an openvpn server at my house and gain ssh access to my server that way. Just find out what your school isnt blocking and use it, I've even heard of people piggyback their ssh traffic on http. If there is a will there is a way. Don't get in trouble though as I have learned admins don't understand anything and you will get suspended even for not causing any harm.

i tried port 80 ssh tunnel and it did not work so im not sure what i can do

Link to comment
Share on other sites

I am not sure if you are listening, reckles. Do you have permissions for accessing ssh to the schools server? What is your intentions? This would be much easier if you just asked the admin why you can't... I personally do not run the server; but if I saw multiple failed attempts in my IDS and tracked it back to you... I would believe you are having malicious intentions for the mere fact you did not ask me (if I were the Admin).

Not trying to be a dick; just saying that they are not forgiveful. Schools don't need evidence; they just need word of mouth.

Link to comment
Share on other sites

Assuming you had/have permissions. You will need his (admin) assistance to allow your client to access the server. You will need an RSA auth key I do believe. Also, I assume you have the non-admin password to the server (which, of course, is for non-repudiaton).

Your systems admin shouldn't have an issue walking you through the nescessary process. But, I can't stress this enough... make sure you are sure that you have permissions (in writing to cover your own ass in case anything fishy happens).

You can ssh via command line:

~$ ssh (remotenetworkname)@(remotenetworkIP)

please enter password: *****************

(you will need an RSA auth key from your admin, to which I can help you with when you get to this point)

easy peasy :)

Edited by Pwnd2Pwnr
Link to comment
Share on other sites

I am not sure if you are listening, reckles. Do you have permissions for accessing ssh to the schools server? What is your intentions? This would be much easier if you just asked the admin why you can't... I personally do not run the server; but if I saw multiple failed attempts in my IDS and tracked it back to you... I would believe you are having malicious intentions for the mere fact you did not ask me (if I were the Admin).

Not trying to be a dick; just saying that they are not forgiveful. Schools don't need evidence; they just need word of mouth.

Well said, and I think you drove the point home. Anything beyond that, is up to him.

This is one of the reasons we have the rule of no hacking schools/work/bypassing these things we don't own. Especially since it seems you're not trying to bypass their proxy, but if I read it correctly you basically also tried logging into the machine from home, or do I have that backwards?

If there are sites at school they block you are trying to gain access to, there are ways around proxies, and you should be able to proxy chain/tunnel directly through the schools own proxy while all your traffic is encrypted without doing things to equipment you don't own. Its not only been covered on the show, I think its in episodes as far back as season 1 or 2 on how to use tunnels on alternate ports for reaching IRC for example. Your destination just has to be configured to listen on the alternate port when tunneling out of the school.

Other options, have a home relay, setup with PhProxy and password protected, so you use the normal proxy to get out, then reach the home box to do the lookups for sites you want to reach. There are so many ways to do it without having to mess with the schools equipment.

Its just that if you didn't have permission, or were doing the reverse, such as remoting in from home, to the school network, I don't now of any school district that would allow that at face value or give permission, so I call BS on that and a quick question to the IT person in charge, if you WERE allowed, would of given you access if what you say is true and show you how to do it.

Sure, you may have gotten permission as you say, we can't verify that. We can't prove one way or the other. For arguments sake though, the whole thing not only smells fishy, its one of the reasons we have the rule of no hacking schools/work/etc, since one can never be sure whats being done, by who, and what the intent is.

Link to comment
Share on other sites

@reckles: The word 'bypassing', in itself, is showing me that you have no authorization to get into the systems. The words 'non-repudiation' means you must have some type of authentication to access certain things; like a signature to a credit card. If you did not sign a credit card receipt; you could contest the charges because you, the account holder, did not sign/authorize the charge. The same validation methods are in place to keep people with malicious intent out. If you want to have ANY type of career in the field of IT; you better not mess up your record.

@Digip: I feel this thread should be terminated... nothing valuable is being gained here. If he truly were allowed, the IT admin would set it up for him from school. I don't want to be involved in any type of fraud... :ph34r:

Edited by Pwnd2Pwnr
Link to comment
Share on other sites

I feel this thread should be terminated... nothing valuable is being gained here. If he truly were allowed, the IT admin would set it up for him from school. I don't want to be involved in any type of fraud... :ph34r:

QFE and heartily agree...I'm not a mod though. Just been here long enough to know the rules and what has been in the past acceptable and not acceptable.

Link to comment
Share on other sites

Having been a school network tech, I can tell you once the school in question finds out what you are doing, you are going to lose all your computer privileges, if you're lucky, just for the rest of the school year. We have banned kids for life.

Link to comment
Share on other sites

I don't believe that the OP intended to commit fraud but rather browse all the websites which his school has blocked. Maybe he just wants to go to Facebook or something. Either way, one should always get permission for this kind of stuff and it seems clear that he hasn't gotten it / the IT people at the school haven't given him a hand in this matter. There are usually reasons why schools / companies block certain websites.

Either way, I think this topic has been discussed a lot on this forum already and this isn't very constructive.

Locked.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...