careless223 Posted March 7, 2006 Share Posted March 7, 2006 I managed to get an admin account at my school and have full admin rights including the ability to open a command prompt and change all settings. What should I do next? I can think of a few but I need ideas. :twisted: Quote Link to comment Share on other sites More sharing options...
Darren Kitchen Posted March 7, 2006 Share Posted March 7, 2006 Email the admins with details of how you were able to get admin access so that they can close the hole. It's the ethical hacker thing to do. Quote Link to comment Share on other sites More sharing options...
Sparda Posted March 7, 2006 Share Posted March 7, 2006 other wise turn every computer in to a zombie... and use them to seed torrents... just a surgestion ^^ Quote Link to comment Share on other sites More sharing options...
careless223 Posted March 7, 2006 Author Share Posted March 7, 2006 I like Sparda's idea better. The fact that you can run any executable at all is a taboo. Or should I have fun in netsend. Make "lols haxed appear on every screen". Quote Link to comment Share on other sites More sharing options...
DeadlyDemon Posted March 7, 2006 Share Posted March 7, 2006 beh not a very nice thing to do :-/ even though i've tried to get admin account at college aswell ROFL but thats only just to see if i can, not to do anything baaad Quote Link to comment Share on other sites More sharing options...
Zaitsevs Posted March 7, 2006 Share Posted March 7, 2006 Email the admins with details of how you were able to get admin access so that they can close the hole. It's the ethical hacker thing to do. quoted for truth. Quote Link to comment Share on other sites More sharing options...
kYd Posted March 8, 2006 Share Posted March 8, 2006 Email the admins with details of how you were able to get admin access so that they can close the hole. It's the ethical hacker thing to do. I found a way of doing something similar at school, when I told the sys. admins I got 'blasted' pretty badly by him. Quote Link to comment Share on other sites More sharing options...
mubix Posted March 8, 2006 Share Posted March 8, 2006 Email the admins with details of how you were able to get admin access so that they can close the hole. It's the ethical hacker thing to do. I found a way of doing something similar at school, when I told the sys. admins I got 'blasted' pretty badly by him. What happened? Quote Link to comment Share on other sites More sharing options...
rFayjW98ciLoNQLDZmFRKD Posted March 8, 2006 Share Posted March 8, 2006 Use it to change you grades and spend more time on more important things like Hacking, Quake, and IPTV! :D Quote Link to comment Share on other sites More sharing options...
Neod101 Posted March 8, 2006 Share Posted March 8, 2006 ...have fun in netsend.Make "lols haxed appear on every screen". Then Email the admins with details of how you were able to get admin access so that they can close the hole. Quote Link to comment Share on other sites More sharing options...
careless223 Posted March 8, 2006 Author Share Posted March 8, 2006 I just want to do something to stirr up some trouble and not get caught with it. I am already "watched" for suspicious activity at school and it would not be such a great thing to get caught by being ethical about it and reporting the bug. Also the grades are stored locally on the teachers computers and the only way that I can get to those files is by terminal acess with the credentials to log in as my teachers. Not hard to get but I have no time to do it. I also what to know what they did to you kYd. Quote Link to comment Share on other sites More sharing options...
gonffen Posted March 8, 2006 Share Posted March 8, 2006 You could always slip them a note or something. Telling the admins doesn't mean you have to have a meeting with them or something. -gonffen Quote Link to comment Share on other sites More sharing options...
melodic Posted March 8, 2006 Share Posted March 8, 2006 :twisted: Quote Link to comment Share on other sites More sharing options...
scriptersx Posted March 8, 2006 Share Posted March 8, 2006 yeah have almost admin on our computers, no hacks just stupid admins dont know ho to use group policys or monitor network drives ;) which on any given day you look hard enough you can find CS, Quake, and on there special share they call data you can find everything legit they use for setups, photoshop, xp iso's, vb studio and you get the point Quote Link to comment Share on other sites More sharing options...
DLSS Posted March 8, 2006 Share Posted March 8, 2006 damn , our network on school is better secured and cant install progs without admin :( cant even change the friggin back ground. (anyone know a dos command 4 this ? ) don't inform admins EVER. :x don't like em most of em abuse they're power. me and a few m8's in class used to play around and talk with winchat . most ppl don't know this im network type proggy wich is built in to all windows since 95 if i remember correctly. u can chat to everyone on the network with it. just go run> winchat.exe (can also be runt throuh a batch file. after a year i informed the admin bout it and he locked it :( . now trying to get a teacher account and then turn it in to admin . other wise turn every computer in to a zombie... and use them to seed torrents... just a surgestion ^^ good idea ! its 4 the good of all everyone benefits of it and the school has enough bandwith . :P Quote Link to comment Share on other sites More sharing options...
cooper Posted March 8, 2006 Share Posted March 8, 2006 Find some way to tell the admins. Seriously. Play around with it a bit if you must, but if you get caught being admin you get your ass handed to you. If you can say in your defence "Hey, I told them about this 3 days ago" at least you can take a few steps towards the moral high-ground. I really should play a bit with this. What use is a hacked Windows box to you? What would you make it do and how much of that activity will be visible to the person adminning the machine? Interesting questions. Quote Link to comment Share on other sites More sharing options...
harrison Posted March 8, 2006 Share Posted March 8, 2006 Don't do shit. You found the vulnerability, just leave it now. No need to do something with it, because you have the knowledge that you discovered a vuln., what more does a hacker need? Don't even tell the school admins, because you did something illegal in order to gain that knowledge. I have a friend who found a big hole in a website, called the admins and told them about it, then he got arrested.... Quote Link to comment Share on other sites More sharing options...
cooper Posted March 8, 2006 Share Posted March 8, 2006 Can you get arrested in the US for telling someone they forgot to lock their car, and left the keys in the ignition? If so, where's the logic in that? If not, why is it suddenly different when we're talking about computers? Quote Link to comment Share on other sites More sharing options...
DLSS Posted March 8, 2006 Share Posted March 8, 2006 Can you get arrested in the US for telling someone they forgot to lock their car, and left the keys in the ignition?If so, where's the logic in that? If not, why is it suddenly different when we're talking about computers? good point ! but this is the world and ppl are dumb , governments r dumb ,.... white hats wanna help but most of the time wrn informing ppl they only get cussed to and/or treatended ...... its just sad :cry: Quote Link to comment Share on other sites More sharing options...
goldfish Posted March 8, 2006 Share Posted March 8, 2006 You could a) anonymously tell an admin or b) fix it yourself or c) wait till someone else does something stupid with it. It sounds from here like you just shoulder surfed the password. That's not really hacking - that's just lame. It might be a means but it's not really an end. If you don't have a really good reason to have that access then what the hell are you doing?? In this case informing admins would be a dumb idea - all it does is proves that you were trying to access their password. If it was using a vunerability that you found - then that might possibly be interesting. In which case you might be more inclined to noitfy them about it - without giving away your identity of course! Quote Link to comment Share on other sites More sharing options...
evilFuzzY Posted March 8, 2006 Share Posted March 8, 2006 i think you should show them how bad the system is, but dont give them your name. just put a .txt file inside the admin foulder with info on how you did it and what you did. and remember to sign with you underground nick :roll: but first just mess around a little but dont get busted..remember the 10 rules to not get busted hehe. some1 here that want to teatch me more about linux PHLAK ?? just downloaded it. i know that its the ULTIMATE hacker OS. just need the know how to abuse it how it is meant hehe. Quote Link to comment Share on other sites More sharing options...
Sparda Posted March 8, 2006 Share Posted March 8, 2006 some1 here that want to teatch me more about linux PHLAK ?? just downloaded it. i know that its the ULTIMATE hacker OS. just need the know how to abuse it how it is meant hehe. Like any operating system you cannot just use PHLAK, you have to want to do some thing specificly befor you can use it, for example, you can ARP poison like in that episode of Hak5, but they used Whoppix insted, but it works just as well. Quote Link to comment Share on other sites More sharing options...
evilFuzzY Posted March 8, 2006 Share Posted March 8, 2006 ok thanks 4 the fast reply :D i will go deeper into linux, but i dont have that mutch experiance on it right now. have tryed Knoppix and that was pretty good. i have tryed Suse to and that sucked.. but i just used Knoppix because it was so easy to use. now i want to learn how the system wroks. can you help me on getting into the server in my school? i want to get admin status on a computer on my school. just for phun and se if i can use linux to get that. got any ide if this will work ?? would it work to try and crack the SAM file, like they did in "the broken ep 3" ? it is runned on a windows 2000 server. i cant install anything on the computers. they have dissabled some CMD commands (and telnet). i have got into the printer and changed the language on it, then back. so i know it is possible to do something there. Quote Link to comment Share on other sites More sharing options...
ben Posted March 8, 2006 Share Posted March 8, 2006 Can you get arrested in the US for telling someone they forgot to lock their car, and left the keys in the ignition?If so, where's the logic in that? If not, why is it suddenly different when we're talking about computers? A better analogy would be, can you get arrested for going around to people's houses and trying to open doors?? careless223 was actually trying to get in to the system, not just using the system and noticing a vuln. I would say that careless223 should do nothing or anonymously tell the admins. Don't try to patch it and don't just leave a text file saying that it's vulnerable. Definitely do not ever use the vulnerability again. The best thing to do may be to send an e-mail from an anonymous account. Ben Quote Link to comment Share on other sites More sharing options...
Faith +1 Posted March 8, 2006 Share Posted March 8, 2006 Email the admins with details of how you were able to get admin access so that they can close the hole. It's the ethical hacker thing to do. Just adding my $0.02 Just as a few others are pointing out, you should tell the admins. You should be able to find out the CIO or some very important persons email addresses through the public front end of the school. Use a webmail account that you set up from a wireless network that is.. well there and is not yours. Then see what happens. You do not want them getting in your face for trying these locked doors, but you dont want to let them just go. If they fix it, great, if they dont. You cant fix it for them. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.