Admin At School. What Next?


careless223

we also got a quite new computer network at our school (for 2 years now, oh HIGH TECH GERMANY! ph33r!). i hung an old 233mhz laptop with my favourite linux distro and some tools (ettercap, ethereal, nmap and stuff) to the rj45 port, took over the desktop's MAC address (easiest way to get into the net) and arp'ed the whole network. sat between the server/router/samba/gateway/whatever and all other client machines and fired up ethereal to capture data. yeah, was fun. the company which installed the network had a paragraph in the agreement with our school that if security is breached that hard (would have been possible to easily collect LOADS of personal data) we would get all the money back we've paid for the network and the computers ;P

well, apart from network insecurity.. C:\Windows was all writable.. stupid idiots :/ now guess where we store ut and starcraft ;)

well, i only told some trustworthy people (also teachers) but nobody did nothing, just turned out to be real fun

i wouldn't even call it hacking - that network is bs, every kid could break it.

Link to comment
Share on other sites
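
The defender's view of the MAC takeover and ARP poisoning described in the post above, as an added example that is not part of the original thread: it compares two neighbour-table snapshots and flags a MAC answering for several IPs and a gateway whose MAC changed. The `ip neigh show` text, addresses and MACs are constructed sample data, and the function names are illustrative.

```python
import re
from collections import defaultdict

# Constructed sample data: two `ip neigh show` snapshots from a monitoring host.
# Addresses (RFC 5737 range) and MACs are made up for illustration.
BEFORE = """\
192.0.2.1 dev eth0 lladdr 00:11:22:33:44:01 REACHABLE
192.0.2.10 dev eth0 lladdr 00:11:22:33:44:10 STALE
192.0.2.11 dev eth0 lladdr 00:11:22:33:44:11 REACHABLE
192.0.2.12 dev eth0 FAILED
"""
AFTER = """\
192.0.2.1 dev eth0 lladdr 00:11:22:33:44:10 REACHABLE
192.0.2.10 dev eth0 lladdr 00:11:22:33:44:10 REACHABLE
192.0.2.11 dev eth0 lladdr 00:11:22:33:44:10 REACHABLE
192.0.2.12 dev eth0 FAILED
"""

NEIGH_RE = re.compile(r"^(\S+) dev \S+ lladdr ([0-9a-fA-F:]{17})\b")

def parse_neigh(text):
    """Return {ip: mac} for entries that carry a link-layer address."""
    table = {}
    for line in text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if m:
            table[m.group(1)] = m.group(2).lower()
    return table

def shared_macs(table):
    """MACs answering for more than one IP: typical of a poisoned cache."""
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}

def changed_bindings(old, new):
    """IPs whose MAC differs between snapshots, as (ip, old_mac, new_mac)."""
    common = old.keys() & new.keys()
    return sorted((ip, old[ip], new[ip]) for ip in common if old[ip] != new[ip])

def audit(old_text, new_text, gateway_ip):
    """Summarise both signals; a rebound gateway is the high-priority one."""
    old, new = parse_neigh(old_text), parse_neigh(new_text)
    changes = changed_bindings(old, new)
    return {
        "shared": shared_macs(new),
        "changed": changes,
        "gateway_rebound": any(ip == gateway_ip for ip, _, _ in changes),
    }

if __name__ == "__main__":
    print(audit(BEFORE, AFTER, "192.0.2.1"))
```

A shared MAC also occurs legitimately (proxy ARP, one host with several addresses), so treat it as a lead to check against the known gateway binding rather than proof on its own.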

lmfao!!! thats well cool.

u arp'd the WHOLE network on a 233 :shock: haha thats well cool, wat kinda data did u get.

im gonna arp my school one day...well i gotta do it quick :P i leave in like 40days and counting.

there are like 500 windows 20000 b0x's on r school network...will a 233 b able to handle that!?

:D:D

just boring smb broadcast discovery shit, dunno ;) and some http

it was only running.. mh... 3 minutes? and our network isn't that big.

the funniest thing would be forcing samba clients to use cleartext passwords

but that funny lil plugin doesn't work that good anymore with new clients.

well.

there are other possibilities though

Link to comment
Share on other sites

It was actually a snafu on the admin's side.

You can run a dos executable (batch file) on all the machines.

So what I did was run that file which made another account on the local machine.

From there I logged onto the local machine and tried to disable deepfreeze.

Deepfreeze is a program that prevents writing to the disk.

We all have our own usernames and passwords that we log on with but there is a secret student account and a secret guest account.

In addition to our credentials we are also granted a 200 meg partition on the local school server.

This we are able to write to.

So I fired up process explorer. (Another mistake by the admins. No executable should be able to run without admin privileges.)

I killed deepfreeze so I could now write to the disk.

I ran a modified version of my batch file which created another account on the local machine.

This time the username was gfunk with the password of r93jgns'3b.

I made sure it wasn't traceable to me.

From here I could run cmd and all other applications and install anything.

I went onto the main server where all the logon info is stored and copied the SAM file to my USB drive and took it home.

I fired up Cain and Abel and logged onto Rainbow Crack.

I had the admin usernames and passwords within 5 minutes.

Link to comment
Share on other sites

Lol for everything :D

I'm close enough to getting admin in my school, but 2 years ago, somebody shouldered it and got expelled from school. I'm just afraid to have the information if you know what I mean; too much knowledge.

Basically, I found a couple vulnerable 2000 comps that were running SP0 UNPATCHED! It was pathetic. I just made a local admin account and I can just grab the SAM file whenever I choose to and bring it home and crack it. (We do use AD for usernames, but there is a local admin account on every computer called 'sysop'; works on the domain too!)

And yes, my network is "secure". You need admin to install anything (except firefox; which is now on half the comps thanks to me :D). Just bring in a laptop, like I do, and do it all from there.

Also, I scanned the network to find the main switches and router. I did find them, and the hilarious thing is that they are defaulted for administration! admin:admin gets you in ssh, telnet, and the web interface. I am basically the most knowledgeable person in the school, even more so than the school "admin" which is a nitwit. The only person that knows more than me, is my CCNA teacher, but he knows different things such as networking which I am still learning but know most. (Not trying to brag, just stating the obvious...)

I should tell my CCNA teacher about it because we both know that I could do something if I really wanted to, and I could right now. If I wanted to, I could scan all the packets and get usernames and password for everything I could ever dream of.

Now all this from a "secure" network is pretty pathetic, but they are getting better. They have begun to block certain websites; myspace, daveproxy, youtube, google images, etc. But we just use ninjaproxy. When that gets banned, we will find one of the umpteen billion of them out there :D

A couple years ago when that kid got the admin password, they freaked out and redid the entire network in our school and the technicians could have done a better job with their head up their asses. They wired everything incorrectly and used HUBS! HUBS!!! NOT SWITCHES! This was only about 2 years ago...They are however, replacing our 100mb hubs for 1000 switches; good cisco/smc ones. We have been running thousands of comps on hubs for years and it is RIDICULOUS! We have a true 100mb connection to the internet because comcast let us as long as the county paid for the equipment, which they did. Because it is almost all hubs in the wire closets, I get no faster than dial-up speeds most of the time. If you are lucky, you are connected to the main switch (like our CCNA room) and get the full 100mbs about.

Anyways, that is my retarded ass school. They should just hire me to run the whole school's network.

Link to comment
Share on other sites

well, I would have agreed with darren. About 5 months ago, I ran linux, copied sam and system.... long story short I had admin rights. Instead of being a dumb ass, I went straight to the technology person in our school and explained the problem. I got 3 days suspension, and not allowed to use the computers for the rest of the year (Not that that ever stopped me :)) but that's my thing, schools don't take kindly to being exploited

Link to comment
Share on other sites

Good thing I go to the school that I do then. I didn't get in any trouble for telling them how I got into the command prompt (and therefore access to the hdd too). But then again it's not like I got into the admin.

Link to comment
Share on other sites

Netmeeting? pfff that's nothing, now NetOp is something ^^ You should remotely kill random tasks on people's computers in the same room as you for a good old laugh (you know how to use the tasklist and taskkill commands right?)

Link to comment
Share on other sites

Maybe the trick is to explain that certain restrictions can be lifted, and only SUGGEST that certain important files might be accessible because of it. Of course, you didn't try that since that would be illegal, and chose to inform the school staff instead. You wouldn't want to get in trouble or anything...

Link to comment
Share on other sites

Can you get arrested in the US for telling someone they forgot to lock their car, and left the keys in the ignition?

If so, where's the logic in that? If not, why is it suddenly different when we're talking about computers?

No, but you could get arrested if you opened the door and took the keys, copied them, then returned them and told the person about it

Link to comment
Share on other sites

No, but you could get arrested if you opened the door and took the keys, copied them, then returned them and told the person about it

The problem is that when you disclose a vulnerability with a computer system, whomever you're disclosing it to will assume you used that vuln to get in and wreak havoc, and when you finally got tired of ramming it up their ass decided you might as well explain to them why sitting down hurts these days...

When in fact you might just have done the ethical thing and reported a problem you just happened to stumble over.

Guess people chose to pay attention when Cypher said "Ignorance is bliss".

Link to comment
Share on other sites

I'm sorry but this is just ridiculous. Hoo freaking ray you can ARP poison a network. Wow look at all these SMB packets. Wow you can read an admin's password over their shoulder. Hey, you can open a text file with a bunch of passwords in it.

It's not worth discussing at all! It's the hacker equivalent to saying "Hey, you know, if you go to the post office and put a letter in the box it gets taken away to the place you wrote on the envelope! Isn't that amazing!?" What might be worth discussing is if you found a vulnerability in a piece of software or practice. Or there is a hole in some security measure. Hell, even just saying that people save passwords in plaintext might be worth some discussion.

If you don't understand why the hole exists then you've completely missed the point. It's not about breaking into things. That isn't what hacking is about! It's about understanding the technology you're using and making it work the way YOU want it to - rather than the way it was designed to.

But the most ridiculous part of this topic is how people are boasting on a public forum about doing stuff to their school networks - which I might add are mostly owned in some part by the GOVERNMENT. Think about that for a minute ....

With people using the term hacking like this I'm not surprised we've got such a bad image.

Not aimed at anyone in particular, but at this topic generally.

Link to comment
Share on other sites

I'm sorry but this is just ridiculous. Hoo freaking ray you can ARP poison a network. Wow look at all these SMB packets. Wow you can read an admin's password over their shoulder. Hey, you can open a text file with a bunch of passwords in it.

At least I don't feel a penis enlargement when doing such things, it's just about trying out theories and having some fun. But I agree, also thinking that a majority of people "hacking" do not fully understand what they are doing.

It's not worth discussing at all! It's the hacker equivalent to saying "Hey, you know, if you go to the post office and put a letter in the box it gets taken away to the place you wrote on the envelope! Isn't that amazing!?" What might be worth discussing is if you found a vulnerability in a piece of software or practice. Or there is a hole in some security measure. Hell, even just saying that people save passwords in plaintext might be worth some discussion.

IMHO that's your point of view, it can be a lot of fun discovering special vulnerabilities by thinking about how you could get into something without knowing how it really works. There comes the analysis part which also includes some kind of datamining. Apparently the things more advanced people are doing perfectly fits your description of "[finding holes] in some security measure". But yes, opening WinChat/cmd isn't a success at all :-) - BUT I have to admit, I personally enjoyed discovering some of windows' pseudo security measures. (copy C:\WINDOWS\System32\cmd.exe to desktop and rename it to foo.exe to run it - what the hell were they thinking?)

If you don't understand why the hole exists then you've completely missed the point. It's not about breaking into things. That isn't what hacking is about! It's about understanding the technology you're using and making it work the way YOU want it to - rather than the way it was designed to.

That's true ;) As I think for myself, I do understand the technology I use. And if anybody here doesn't - please regard doing so! It is alright to let some of those tools inspire you, but then just think about it and try to understand what it actually DOES - consider writing something custom which is faster/better/more appropriate for the task.

But the most ridiculous part of this topic is how people are boasting on a public forum about doing stuff to their school networks - which I might add are mostly owned in some part by the GOVERNMENT. Think about that for a minute ....

I wasn't that amazed when I read the thread topic at first, too.

With people using the term hacking like this I'm not surprised we've got such a bad image.

Well, script kiddies will last forever, just have to take a look at /var/log/auth, bruteforcing sshd and stuff.. Apart from causing a lot of traffic it's somehow getting on my nerves :)

Link to comment
Share on other sites

I suppose I am quite lucky with my School Admins, I get on well with them and have my own Admin account anyway. The students at my school even have our own servers now amongst other things.

I think you should either forget the flaw or let the admins know, definitely don't do anything. Because if you do do something then you could ruin a lot of people's work, possibly coursework which could then affect the whole of their lives. It's just not worth it. And finding the hole is always more fun than when you have got it.

Link to comment
Share on other sites

I managed to get an admin account at my school and have full admin rights including the ability to open a command prompt and change all settings. :lol:

What should I do next?

I can think of a few but I need ideas.

:twisted:

I can think of a few ideas, and it's along the same lines as darren's. Don't do anything. Anonymously report the exploit so that they can patch it.

I would also like to point out that the majority of the talk on this thread has been about CRACKING, not HACKING. HACKERS SEEK TO UNDERSTAND THE TECHNOLOGY THAT THEY WORK WITH, CRACKERS SEEK TO CAUSE TROUBLE.

lol. I'm going to school to get a degree in computer forensics. Our prof taught us how to crack an ntfs partition, but that doesn't mean I'm going to go to every computer on our network and do it.

The funny thing is that there are a few people on this thread who have the exact same thoughts as I do. It's not worth it to exploit something, especially on a school network where you are in close proximity with the computer you exploited. Take it from me. If you do something, and it happens to be major, the chances are really good that you will be caught.

Link to comment
Share on other sites

Well I told them today.

I did have some fun though and installed half-life and doom on some machines that I use.

I dropped the admins a text file in their folders and I'm sure they have seen it by now.

I realize now that it is not about that you can do it.

It's about learning from poking around and not doing it.

To all the n00bs and script kiddies that have posted on this thread I hope that you can learn from what you find.

Link to comment
Share on other sites

well me n my friend finally did wat we wanted to do 2day...we managed to get access to EVERYONE's userdata on the server...so we can delete peoples work...leave notes in their areas =D good fun :D

Well it sounds like your type of file exploitation isn't condoned here.

I still wonder why you insist on telling us these things.

How about you delete some random important files on your computer and destroy any backups you have. Just to feel what it's like to have it done to you, then come back and tell us how funny it was.

Link to comment
Share on other sites

I did have some fun though and installed half-life and doom on some machines that I use.

If you were trying to be anonymous it's difficult unless there are a lot of people with your skill set that use that computer. It doesn't take a genius to figure out which kid knows something.

Link to comment
Share on other sites

Indeed. Fucking with other people's work just because you can is lame.

Instead, see if you can use the elevated privileges on that machine to get access to other machines on the network, or perhaps access to network services that are otherwise restricted.

The fun lies in finding the problem and exploiting it. Not in the abusing of the privileges it yields. Leaving a note here or there might sound like fun to get instant bragging rights with your mates, but keep in mind that stupid stuff like that is what got many virus writers caught.

Link to comment
Share on other sites

Real hacking isn't malicious. But if you do it for a purpose , IE you can't do anything on the computer and it is over secure I could see a purpose.

It's not wrong to get access to run programs but is wrong to destroy data or computers. Now once you get in you can't tell anyone. You will get into a lot of trouble. At schools the only reason the kids who get access get caught is because of boasting or telling the sys admins. Just keep it a secret and run a couple of programs you need to run once in awhile.

As for security. This is not really a hack per se. I ran ProcessExplorerNt on a library computer and killed all the protections. Right after I did that I got a start menu (there was none before) and I could browse files and get onto the file server (with some brute forcing). All downloadable programs. I could delete everyone's library bill but I told them. Later I got offered a job for security. Sadly I couldn't take it because of school and my own laziness.

That was awhile ago though..

Link to comment
Share on other sites
