sintax Posted May 27, 2008

Hello all,

I have a rather long story, but the short version of it is that at one point during school I inserted a switchblade drive (this is the reason I label my drives, I've got 2 U3s) into a Windows 2000 machine, and since I didn't know it was a switchblade drive, I did not hold shift. The virus scanner (OfficeScan) popped up with a few detections, which I assumed were a few of the progs I had written myself or had on my thumb drive, and since it didn't delete them, I just ignored it. (Oh, and for the record it's GonZor's payload.)

About a month later I was called down to the office, as two "hacking tools" as they called them were discovered on my account. They gave me the names: firepassword.exe (the firefox password dumper) and Cache A dump (no idea what this is, it could have been cachea.dump, knowing the idiots I was dealing with).

How could these two files, or evidence of these two files, have been left behind? Also, if you have another spare moment, I could use a few suggestions about how to get myself out of this.

Thanks
-Sintax

digip Posted May 27, 2008

Just a word to the wise, this is why it is suggested not to do this at work or school, etc, and you must understand the consequences before using such tools. Best case scenario is deniability, and not bringing the device into school. Claim it must have been someone attacking the machine you were at while you were logged in or something, and that they did it while you were logged on, but away from the machine or something.

Really though, you should own up to it, tell them it was a mix up with your thumb drives and that you brought the wrong one in or something. I doubt they are going to let it go since they pinpointed you in the issue, so most likely you can expect disciplinary action on their part.

Good luck!

iisonly Posted May 27, 2008

:lol: Happened to me too. F-Secure popped up some alerts and 18 minutes later I got an email from our ... IT Specialist titled "Whats going on???" I replied and thank god, this was all of it :)

You are questioning how they knew the program names? F-Secure sends every alert to some specified email address (if specified) and it looked like this:

Date: 2008-04-03 09:16:49+03:00
Host: KLASS1-04 (192.168.5.4)
Computer name: klass1-04
User account: ITCOLLEGE\tpuhu
Product: F-Secure Anti-Virus (OID: 1.3.6.1.4.1.2213.12)
Severity: security alert (5)
Message: Spyware detected:
Type: riskware
Family:
Name: PSWTool.Win32.Messen
Object: E:\SYSTEM\SRC\MSPASS.EXE
Action: Removal from the system failed.

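Added example, not part of any post in this thread: a parser for an alert e-mail in the field layout quoted above, with a small triage step of the kind an admin mailbox filter might apply. The sample alert is constructed (placeholder host, account and path), and the triage rules, including treating C: as the system drive, are assumptions.

```python
import re

# Field labels, in the order they appear in the alert quoted in the thread.
FIELDS = ["Date", "Host", "Computer name", "User account", "Product",
          "Severity", "Message", "Type", "Family", "Name", "Object", "Action"]

# Constructed sample in the same layout; host, account and path are placeholders.
SAMPLE_ALERT = (
    "Date: 2008-01-01 10:00:00+00:00 Host: LAB-PC01 (192.0.2.10) "
    "Computer name: lab-pc01 User account: EXAMPLE\\student1 "
    "Product: F-Secure Anti-Virus (OID: 1.3.6.1.4.1.2213.12) "
    "Severity: security alert (5) Message: Spyware detected: "
    "Type: riskware Family: Name: PSWTool.Win32.Example "
    "Object: E:\\TOOLS\\SAMPLE.EXE Action: Removal from the system failed."
)

def parse_alert(text):
    """Split an alert into {label: value}, whether it arrives one field
    per line or flattened onto a single line."""
    text = " ".join(text.split())
    marks, pos = [], 0
    for label in FIELDS:
        # A label only counts at the start of the text or after whitespace.
        m = re.compile(r"(?:^|(?<=\s))" + re.escape(label) + ":").search(text, pos)
        if m:
            marks.append((label, m.start(), m.end()))
            pos = m.end()
    record = {}
    for i, (label, _start, end) in enumerate(marks):
        stop = marks[i + 1][1] if i + 1 < len(marks) else len(text)
        record[label] = text[end:stop].strip()
    return record

def triage(record):
    """Return the reasons this alert needs a person to follow up."""
    reasons = []
    if "fail" in record.get("Action", "").lower():
        reasons.append("automatic removal failed, file may still be present")
    drive = re.match(r"([A-Za-z]):\\", record.get("Object", ""))
    if drive and drive.group(1).upper() != "C":  # assumption: C: is the system drive
        reasons.append("object is on drive %s:, not the system drive" % drive.group(1).upper())
    if record.get("Name", "").startswith("PSWTool"):
        reasons.append("password-recovery tool family")
    return reasons

if __name__ == "__main__":
    alert = parse_alert(SAMPLE_ALERT)
    print(alert["Date"], alert["Computer name"], alert["User account"])
    for reason in triage(alert):
        print(" -", reason)
```
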
Sparda Posted May 27, 2008

Tell them their network is actually your network that they are paying for, just for fun.

sintax Posted May 27, 2008 (Author)

> Tell them their network is actually your network that they are paying for, just for fun.

Haha, yeah. I basically got the same told to me, "This isn't your network that WE are paying for!" I have to say I chuckled at that one.

However, what I was told is that the files were "left on the server" and yes, I did ask to make sure it wasn't just the scan logs, the files were actually physically on the server. Is it a possibility that OfficeScan made a copy or something?

Sparda Posted May 27, 2008

It's probably poorly configured, so it makes a 'quarantined' copy before deleting it, and probably copies file permissions and ownership along with it.

Another good one is "Your server, is actually my torrent tracker."

sintax Posted May 28, 2008 (Author)

Haha yeah, alright. I'm probably gonna just say that I switched the drives by accident, although there is no proof of that so I'll probably get busted anyway, but whatever. The thing I find hilarious is that I'm the "hacker" at my school, I have a bit of a rep. And I get asked for help from them more than I get in trouble with them, I'm good friends with the head IT guy. So I probably won't get in much, if any, trouble.

Thanks guys
Peace
-Sintax

tim.vangehugten Posted May 28, 2008

If you do this again then just use someone else's account, I always do :p

snakey Posted May 28, 2008

Deny till you die and you will have no problem. Act dumb, say you don't know what it is and that another student might have hacked your account, so on and so forth, and you'll be sweet. Also don't be stupid with switchblade, mark all your switchblade drives with a (s) at the end so it don't happen again.

moonlit Posted May 28, 2008

> Deny till you die and you will have no problem. Act dumb, say you don't know what it is and that another student might have hacked your account, so on and so forth, and you'll be sweet. Also don't be stupid with switchblade, mark all your switchblade drives with a (s) at the end so it don't happen again.

Yeah, that's great and all, until you realise that they've had an eye on you for a while and that "someone probably hacked my account" is about as believable as "I actually live on Jupiter, I wasn't aware that the rules were different from planet to planet".

Rab Posted May 28, 2008

You hacked the Gibson from your house?

snakey Posted May 29, 2008

Obviously you haven't been in school for years, mr moonlit. In my final year I got caught getting free photocopies (not quite hacking but pretty similar punishment). I just acted dumb, said I didn't know anything and a random guy told me the code, and I got off the hook :). Do something similar and you will be fine. Also a school network admin ain't going to be watching you for a while he government they don't do their job properly.

VaKo Posted June 1, 2008

Just lie about it. Deny all, act surprised and ask worried questions about your files being hacked and could the viruses infect your word documents. (Even though they are not, you're a layman, and a layman thinks a virus scanner is for stopping viruses, so anything it picks up is a virus.)

sintax Posted July 12, 2008 (Author)

Wow, it's been a while, just came back to Hak.5 and am gonna be a bit more active in the forums.

But anyway, the way this whole thing turned out is that I ended up getting 2 detentions, despite what the head guy tried to do for me. Not a huge deal, I basically just said it was a mistake, but they didn't really care. Whatever.

Well anyway, thanks for the comments
Peace

snakey Posted July 12, 2008

should have denied and acted dumb

sintax Posted July 17, 2008 (Author)

> should have denied and acted dumb

Problem is I can't do that, considering the staff already knows that I knew a lot about computers =\

iisonly Posted July 18, 2008

firepassword.exe ain't a hacking/cracking/sniffing/etc tool but a password recovery tool!!1! :) and you just happened to dblclick on it ;)

snakey Posted July 18, 2008

Sounds like you don't if you're getting into trouble like this :P