Jump to content

Admin At School. What Next?


careless223

Recommended Posts

  • Replies 53
  • Created
  • Last Reply

Top Posters In This Topic

Email the admins with details of how you were able to get admin access so that they can close the hole. It's the ethical hacker thing to do.

I found a way of doing something similar at school, when I told the sys. admins I got 'blasted' pretty badly by him.

Link to comment
Share on other sites

Email the admins with details of how you were able to get admin access so that they can close the hole. It's the ethical hacker thing to do.

I found a way of doing something similar at school, when I told the sys. admins I got 'blasted' pretty badly by him.

What happened?

Link to comment
Share on other sites

I just want to do something to stirr up some trouble and not get caught with it.

I am already "watched" for suspicious activity at school and it would not be such a great thing to get caught by being ethical about it and reporting the bug.

Also the grades are stored locally on the teachers computers and the only way that I can get to those files is by terminal acess with the credentials to log in as my teachers. Not hard to get but I have no time to do it.

I also what to know what they did to you kYd.

Link to comment
Share on other sites

yeah have almost admin on our computers, no hacks just stupid admins dont know ho to use group policys or monitor network drives ;) which on any given day you look hard enough you can find CS, Quake, and on there special share they call data you can find everything legit they use for setups, photoshop, xp iso's, vb studio and you get the point

Link to comment
Share on other sites

damn , our network on school is better secured and cant install progs without admin :(

cant even change the friggin back ground. (anyone know a dos command 4 this ? )

don't inform admins EVER. :x don't like em most of em abuse they're power.

me and a few m8's in class used to play around and talk with winchat .

most ppl don't know this im network type proggy wich is built in to all windows since 95 if i remember correctly.

u can chat to everyone on the network with it.

just go run> winchat.exe (can also be runt throuh a batch file.

after a year i informed the admin bout it and he locked it :( .

now trying to get a teacher account and then turn it in to admin .

other wise turn every computer in to a zombie... and use them to seed torrents... just a surgestion ^^

good idea ! its 4 the good of all

everyone benefits of it and the school has enough bandwith .

:P

Link to comment
Share on other sites

Find some way to tell the admins. Seriously. Play around with it a bit if you must, but if you get caught being admin you get your ass handed to you. If you can say in your defence "Hey, I told them about this 3 days ago" at least you can take a few steps towards the moral high-ground.

I really should play a bit with this. What use is a hacked Windows box to you? What would you make it do and how much of that activity will be visible to the person adminning the machine? Interesting questions.

Link to comment
Share on other sites

Don't do shit. You found the vulnerability, just leave it now. No need to do something with it, because you have the knowledge that you discovered a vuln., what more does a hacker need? Don't even tell the school admins, because you did something illegal in order to gain that knowledge. I have a friend who found a big hole in a website, called the admins and told them about it, then he got arrested....

Link to comment
Share on other sites

Can you get arrested in the US for telling someone they forgot to lock their car, and left the keys in the ignition?

If so, where's the logic in that? If not, why is it suddenly different when we're talking about computers?

Link to comment
Share on other sites

Can you get arrested in the US for telling someone they forgot to lock their car, and left the keys in the ignition?

If so, where's the logic in that? If not, why is it suddenly different when we're talking about computers?

good point !

but this is the world and ppl are dumb , governments r dumb ,....

white hats wanna help but most of the time wrn informing ppl they only get cussed to and/or treatended ......

its just sad :cry:

Link to comment
Share on other sites

You could a) anonymously tell an admin or b) fix it yourself or c) wait till someone else does something stupid with it.

It sounds from here like you just shoulder surfed the password. That's not really hacking - that's just lame. It might be a means but it's not really an end. If you don't have a really good reason to have that access then what the hell are you doing?? In this case informing admins would be a dumb idea - all it does is proves that you were trying to access their password.

If it was using a vunerability that you found - then that might possibly be interesting. In which case you might be more inclined to noitfy them about it - without giving away your identity of course!

Link to comment
Share on other sites

i think you should show them how bad the system is, but dont give them your name. just put a .txt file inside the admin foulder with info on how you did it and what you did. and remember to sign with you underground nick :roll:

but first just mess around a little but dont get busted..remember the 10 rules to not get busted hehe.

some1 here that want to teatch me more about linux PHLAK ?? just downloaded it. i know that its the ULTIMATE hacker OS. just need the know how to abuse it how it is meant hehe.

Link to comment
Share on other sites

some1 here that want to teatch me more about linux PHLAK ?? just downloaded it. i know that its the ULTIMATE hacker OS. just need the know how to abuse it how it is meant hehe.

Like any operating system you cannot just use PHLAK, you have to want to do some thing specificly befor you can use it, for example, you can ARP poison like in that episode of Hak5, but they used Whoppix insted, but it works just as well.

Link to comment
Share on other sites

ok thanks 4 the fast reply :D

i will go deeper into linux, but i dont have that mutch experiance on it right now. have tryed Knoppix and that was pretty good. i have tryed Suse to and that sucked.. but i just used Knoppix because it was so easy to use. now i want to learn how the system wroks.

can you help me on getting into the server in my school?

i want to get admin status on a computer on my school. just for phun and se if i can use linux to get that. got any ide if this will work ?? would it work to try and crack the SAM file, like they did in "the broken ep 3" ? it is runned on a windows 2000 server. i cant install anything on the computers. they have dissabled some CMD commands (and telnet). i have got into the printer and changed the language on it, then back. so i know it is possible to do something there.

Link to comment
Share on other sites

Can you get arrested in the US for telling someone they forgot to lock their car, and left the keys in the ignition?

If so, where's the logic in that? If not, why is it suddenly different when we're talking about computers?

A better analogy would be, can you get arrested for going around to people's houses and trying to open doors?? careless223 was actually trying to get in to the system, not just using the system and noticing a vuln.

I would say that careless223 should do nothing or anonymously tell the admins. Don't try to patch it and don't just leave a text file saying that it's vulnerable. Definitely do not ever use the vulnerability again. The best thing to do may be to send an e-mail from an anonymous account.

Ben

Link to comment
Share on other sites

Email the admins with details of how you were able to get admin access so that they can close the hole. It's the ethical hacker thing to do.

Just adding my $0.02

Just as a few others are pointing out, you should tell the admins. You should be able to find out the CIO or some very important persons email addresses through the public front end of the school.

Use a webmail account that you set up from a wireless network that is.. well there and is not yours.

Then see what happens.

You do not want them getting in your face for trying these locked doors, but you dont want to let them just go.

If they fix it, great, if they dont. You cant fix it for them.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.

×
×
  • Create New...