Jump to content

Welcome to Rune Tips, the first ever RuneScape help site. We aim to offer skill guides, quest guides, maps, calculators, informative databases, tips, and much more to help you get the most from the Massive Online Adventure Game, RuneScape, by Jagex Ltd © 2009.

Report Ad

Welcome to Forum.Tip.It
Register now to gain access to all of our features. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more. If you already have an account, login here - otherwise create an account for free today!
Photo

school network security challenge


  • Please log in to reply
40 replies to this topic

#1
noble_aloof
[ Display Name History ]

noble_aloof

    Varrock Guard

  • Members
  • 1,326 posts
  • Gender:Not Telling
  • Location:Dunder mifflin
  • Joined:27 January 2008
  • RuneScape Status:P2P
  • RSN:Noble Aloof
  • Clan:Fenghahe's Elite Investing Guild
there has been a "challenge" set out by the school network admin (and family friend of mine) for students in his computer class to detect holes in the security of the school and website network (i feel like i'm on HTS :ugeek: )



regularly, it is against school policy to do such manipulation, however he is making an exception.



this challenge has been set for freshmen, sophomores, and juniors. anyone who gets far in enough to manipulate data, take the website/computers down, or log on as an admin gets a 100 for the year in his class and automatic placement into the advanced computer class next year.



the rules:

you must not manipulate or tamper with data that you do not report in your end paper (yes we have to submit a paper)

no data will be destroyed or we will be disqualified (he is backing up all data for this contest, just in case)

no overflows or permanent damage should be done. any type of "flooding" should be done during 6pm-6am.

all school computers should remain functional for each school day (unless specifically reported)

you may work in groups but all students must be currently attending -our- school

we must register for this in his classroom or office, and have a breif chat with him.

the challenge starts monday.

there will be an afterschool work session on tuesday and thursday.





i am not totally sure if he has purposely put holes in the security or not. i will probably have to use a combination of my ipod touch, home computer, and school computer to get the job done



it sounds like we are going to have to report our every move to him.. might become more of a chore than an activity.



i will stop here incase this is against the rules. i'm just explaining this unique opportunity. what do you guys think, should i go for it? :ohnoes:
Staking: 4+ mil
Current Status: Training defense

#2
Makoto_the_Phoenix
[ Display Name History ]

Makoto_the_Phoenix

    Moss Giant Whipper

  • Members
  • 2,998 posts
  • Gender:Male
  • Location:Dancing on the Arms of Orion
  • Joined:20 September 2004
  • RuneScape Status:Retired
  • RSN:Makoto D
So, how often is is that an Administrator actually lets people try to break the network? Go for it, man.

Linux User/Enthusiast Full-Stack Software Engineer | Stack Overflow Member | GIMP User
s1L0U.jpg
...Alright, the Elf City update lured me back to RS over a year ago.


#3
Nadril
[ Display Name History ]

Nadril

    Post Junkie

  • Members
  • 23,966 posts
  • Gender:Male
  • Location:Kansas
  • Joined:20 June 2004
  • RuneScape Status:Retired
Yeah it sounds fun. I'm sure you'll learn a ton in the process too.

#4
ElkNight
[ Display Name History ]

ElkNight

    Dragon Slayer

  • Members
  • 8,323 posts
  • Gender:Not Telling
  • Location:Whats kraken?
  • Joined:19 February 2007
  • RuneScape Status:None
Sounds interesting, I wish my school would do this, I would definitely try (With the help of my other nerd friend.)

No idea where/how I would start though. :lol:
Posted Image
8,180
WONGTONG IS THE BEST AND IS MORE SUPERIOR THAN ME
#1 Wongtong stalker.

Im looking for some No Limit soldiers!


#5
dsavi
[ Display Name History ]

dsavi

    Dragon Slayer

  • Members
  • 6,869 posts
  • Joined:30 July 2006
That is so not fair. -.-

C2b6gs7.png


#6
noble_aloof
[ Display Name History ]

noble_aloof

    Varrock Guard

  • Members
  • 1,326 posts
  • Gender:Not Telling
  • Location:Dunder mifflin
  • Joined:27 January 2008
  • RuneScape Status:P2P
  • RSN:Noble Aloof
  • Clan:Fenghahe's Elite Investing Guild
i think i'm going to try it. i'm not 100% sure.

the word on the street is that he does it every 4-5 years; last time he did it, he used the results and flaws to completely rebuild the school network.



a few useful things that i can do:

1. bring my ipod touch into the library and scan for a wireless network. if i connect use the iNet app to see what computers are connected to the network.

2. log on as a (less-tech-savy) teacher using their username and the default password

3. log on as a student who either dropped out or went elsewhere using the defualt password.





i have done some basic diagnostics

i have the ip adress of the school and the main server is running win 2003 server addition

the command prompts and right clicks are disabled on each regular user's computer.

there are only two admin accounts: "smith" and "jenkins" (for example)

i've found that the maximum length for any password is 8 characters.







here is my battle plan on monday

1. scan for a wireless network and hope to get on.

2. run iNet

3. go to 192.168.1.1 or 192.168.2.1 and hopefully log on with the admin/admin or root/root password set.

4. if i am able to do this, i can open ports on the network and re-route traffic to a different ip adress.

5. i will re-route the router to my home network and then run ettercap (lan analyzer)

6. ettercap will be used to sniff for entered passwords over the network

7. using 192.168.1.1 i will disable the i-prism internet policy for access.



i'd say maybe a 30% chance of success with the above method



here is my plan on tuesday

1. log on a school computer using a teachers username and default password

2. go to logmein and set up a backdoor of sorts.

3. see what teachers are able to do- maybe they don't have command prompt disabled?

4- idk where to go from here



how does this sound? i know it may be somewhat flawed.
Staking: 4+ mil
Current Status: Training defense

#7
JoeDaStudd
[ Display Name History ]

JoeDaStudd

    Ice Giant Melter

  • Members
  • 4,464 posts
  • Gender:Male
  • Location:In front of you
  • Joined:12 August 2005
  • RuneScape Status:P2P
  • RSN:joe da studd
A few simple tricks/tips



the at command - easy to use and allows you to open up task manager.

if cmd is playing up try command.com

50% of the time the local administrator user account will have no password.

ophcrack live CD is ideal for getting local account details.



Once your logged or have admin rights by killing explorer (if done right and with poor protection it will restart with admin rights) or using the at command, create a local user admin account. Then simply install VNC or a program of your choice.

The website will be a bit more tricky, but once your on the network you should be able to scout for spreadsheets and text files with ftp or other settings.



I'm jealous as hell about this as it would allow me to toy to my hearts content (I got bored with my colleges security after I made a quick application which allowed to disable there security and give me admin rights almost instantly).
Drops
Stats

#8
obfuscator
[ Display Name History ]

obfuscator

    Tanned Caveman

  • Members
  • 20,231 posts
  • Gender:Not Telling
  • Joined:6 March 2008
  • RuneScape Status:Retired
I would say go for it, sounds like it could be fun. Doubt I'd be any good at it though :(

polvCwJ.gif
"It's not a rest for me, it's a rest for the weights." - Dom Mazzetti


#9
Furah
[ Display Name History ]

Furah

    Dragon Slayer

  • Members
  • 5,081 posts
  • Gender:Male
  • Location:Australia, mining some Australium.
  • Joined:31 May 2007
  • RuneScape Status:P2P
  • RSN:Emp Midget
  • Clan:Reddit
An easyish way to get a teachers password is to find a reason for them to enter it in if they are a slow typer (this happened to me, I knew the pass but I didn't even bother using it. Still, do it, by the look of some people's posts it is a real good opportunity, if I knew enough about securiy penetration I would really want to be able to test it out like you get to.

Steam | PM me for BBM PIN

 

Nine naked men is a technological achievement. Quote of 2013.

 

PCGamingWiki - Let's fix PC gaming!


#10
Hobgoblinpie
[ Display Name History ]

Hobgoblinpie

    Ghost Cloak

  • Members
  • 1,824 posts
  • Gender:Male
  • Location:London, United Kingdom.
  • Joined:10 February 2008
  • RuneScape Status:P2P
  • RSN:Mansion
Try making zip files and loading them from inside the zip file. It usually works. Note that the program has to be either a portable version or a version that doesn't require installation, since you still wont have access to the required areas for installation.

#11
VARN
[ Display Name History ]

VARN

    Bear Fur

  • Members
  • 297 posts
  • Gender:Not Telling
  • Joined:2 January 2007
  • RuneScape Status:None
Why don't you just reset the local admin password on a computer that is on the network then reset the domain password, all the tools needed are freely downloadable on the internet.

#12
noble_aloof
[ Display Name History ]

noble_aloof

    Varrock Guard

  • Members
  • 1,326 posts
  • Gender:Not Telling
  • Location:Dunder mifflin
  • Joined:27 January 2008
  • RuneScape Status:P2P
  • RSN:Noble Aloof
  • Clan:Fenghahe's Elite Investing Guild
thank you for your replies. i had a talk with the administrator today. he was suprised to see my interest in computers as he has fixed my mother's computer several times.



he said that we are welcome to do any analytical work this weekend but we are not permitted to start the serious stuff til monday. he explained that i have to document everything i do even if it fails.



today:

i scanned the network with my ipod touch. it does not have a password. unfortunatly the network does not seem to be compatible for my ipod touch, so on monday i'll have to use my psp to scan.

i also might try to access the router using a computer in school
Staking: 4+ mil
Current Status: Training defense

#13
Chaise
[ Display Name History ]

Chaise

    Goblin Armour

  • Members
  • 126 posts
  • Location:somewhere over the rainbow
  • Joined:26 August 2007
  • RSN:Chaise91
This sounds like a ton of fun. Lol.

Gonna keep tabs on this thread.
~~Chaise91~~

#14
Smapla
[ Display Name History ]

Smapla

    Demon Vanquisher

  • Members
  • 2,498 posts
  • Joined:12 July 2005
phish the admin =p would be hilarious
Posted Image

#15
champion
[ Display Name History ]

champion

    Dragon Slayer

  • Members
  • 6,176 posts
  • Gender:Not Telling
  • Joined:10 August 2007
  • RuneScape Status:None

thank you for your replies. i had a talk with the administrator today. he was suprised to see my interest in computers as he has fixed my mother's computer several times.



he said that we are welcome to do any analytical work this weekend but we are not permitted to start the serious stuff til monday. he explained that i have to document everything i do even if it fails.



today:

i scanned the network with my ipod touch. it does not have a password. unfortunatly the network does not seem to be compatible for my ipod touch, so on monday i'll have to use my psp to scan.

i also might try to access the router using a computer in school


If the PSP doesn't work and you still need to find a network, I'd recommend getting a $0.99 app for your touch called WifiTrack. I have a similar free app (which has since been discontinued) that often picks up on networks the internal finder doesn't find (usually lower-signal ones) and makes it easier to connect to the ones with lower signals. Just in case. :)

 


#16
Laura
[ Display Name History ]

Laura

    Cor Aut Mors

  • Members
  • 3,425 posts
  • Gender:Not Telling
  • Location:Home is where the Army sends you.
  • Joined:18 July 2007
  • RuneScape Status:None

thank you for your replies. i had a talk with the administrator today. he was suprised to see my interest in computers as he has fixed my mother's computer several times.



he said that we are welcome to do any analytical work this weekend but we are not permitted to start the serious stuff til monday. he explained that i have to document everything i do even if it fails.



today:

i scanned the network with my ipod touch. it does not have a password. unfortunatly the network does not seem to be compatible for my ipod touch, so on monday i'll have to use my psp to scan.

i also might try to access the router using a computer in school


If the PSP doesn't work and you still need to find a network, I'd recommend getting a $0.99 app for your touch called WifiTrack. I have a similar free app (which has since been discontinued) that often picks up on networks the internal finder doesn't find (usually lower-signal ones) and makes it easier to connect to the ones with lower signals. Just in case. :)

The iPod Touch and iPhone alike both pick up 2.4GHz frequencies and they cannot detect 802.11n standards or 5GHz frequencies. Should the school network be either one (or both) of these, then no software will help. It is also possible that they have turned off the broadcast of the SSID (which is more likely) and you will need to know both the username and password.
Posted Image

#17
noble_aloof
[ Display Name History ]

noble_aloof

    Varrock Guard

  • Members
  • 1,326 posts
  • Gender:Not Telling
  • Location:Dunder mifflin
  • Joined:27 January 2008
  • RuneScape Status:P2P
  • RSN:Noble Aloof
  • Clan:Fenghahe's Elite Investing Guild

thank you for your replies. i had a talk with the administrator today. he was suprised to see my interest in computers as he has fixed my mother's computer several times.



he said that we are welcome to do any analytical work this weekend but we are not permitted to start the serious stuff til monday. he explained that i have to document everything i do even if it fails.



today:

i scanned the network with my ipod touch. it does not have a password. unfortunatly the network does not seem to be compatible for my ipod touch, so on monday i'll have to use my psp to scan.

i also might try to access the router using a computer in school


If the PSP doesn't work and you still need to find a network, I'd recommend getting a $0.99 app for your touch called WifiTrack. I have a similar free app (which has since been discontinued) that often picks up on networks the internal finder doesn't find (usually lower-signal ones) and makes it easier to connect to the ones with lower signals. Just in case. :)




thats what i'm using :D
Staking: 4+ mil
Current Status: Training defense

#18
RSBDavid
[ Display Name History ]

RSBDavid

    Ice Giant Melter

  • Members
  • 4,113 posts
  • Gender:Male
  • Joined:18 April 2006
  • RuneScape Status:P2P
  • RSN:Davidd

phish the admin =p would be hilarious




I phished our school techies password with a litttle photoshopping and vb.net programming. (fake novell login window) I am tight with him so I told him what I did and he still hasn't changed his password.

Posted Image

[Software Engineer] - [Ability Bar Suggestion] - [Gaming Enthusiast]


#19
Wizz
[ Display Name History ]

Wizz

    Moss Giant Whipper

  • Members
  • 2,979 posts
  • Gender:Male
  • Location:Orange County; California
  • Joined:27 February 2007
  • RuneScape Status:Retired
  • RSN:Sir Wizz K
  • RSN2:Fampster
Reminds of the time me and a few friends of mine "ACCIDENTALLY" :anxious: took down the District Firewall.
Wongton is better than me in anyway~~

Posted Image

#20
Smapla
[ Display Name History ]

Smapla

    Demon Vanquisher

  • Members
  • 2,498 posts
  • Joined:12 July 2005

phish the admin =p would be hilarious




I phished our school techies password with a litttle photoshopping and vb.net programming. (fake novell login window) I am tight with him so I told him what I did and he still hasn't changed his password.






yeah i did something similar last year to mess with a friend, also a fake novell login =p
Posted Image




1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users