
school network security challenge


noble_aloof


there has been a "challenge" set out by the school network admin (and family friend of mine) for students in his computer class to detect holes in the security of the school and website network (i feel like i'm on HTS :ugeek: )

regularly, it is against school policy to do such manipulation, however he is making an exception.

this challenge has been set for freshmen, sophomores, and juniors. anyone who gets far in enough to manipulate data, take the website/computers down, or log on as an admin gets a 100 for the year in his class and automatic placement into the advanced computer class next year.

the rules:

you must not manipulate or tamper with data that you do not report in your end paper (yes we have to submit a paper)

no data will be destroyed or we will be disqualified (he is backing up all data for this contest, just in case)

no overflows or permanent damage should be done. any type of "flooding" should be done during 6pm-6am.

all school computers should remain functional for each school day (unless specifically reported)

you may work in groups but all students must be currently attending -our- school

we must register for this in his classroom or office, and have a brief chat with him.

the challenge starts monday.

there will be an afterschool work session on tuesday and thursday.

i am not totally sure if he has purposely put holes in the security or not. i will probably have to use a combination of my ipod touch, home computer, and school computer to get the job done

it sounds like we are going to have to report our every move to him.. might become more of a chore than an activity.

i will stop here in case this is against the rules. i'm just explaining this unique opportunity. what do you guys think, should i go for it? :ohnoes:


So, how often is it that an Administrator actually lets people try to break the network? Go for it, man.


Sounds interesting, I wish my school would do this, I would definitely try (With the help of my other nerd friend.)

No idea where/how I would start though. :lol:


i think i'm going to try it. i'm not 100% sure.

the word on the street is that he does it every 4-5 years; last time he did it, he used the results and flaws to completely rebuild the school network.

a few useful things that i can do:

1. bring my ipod touch into the library and scan for a wireless network. if i connect use the iNet app to see what computers are connected to the network.
2. log on as a (less-tech-savvy) teacher using their username and the default password
3. log on as a student who either dropped out or went elsewhere using the default password.

i have done some basic diagnostics

i have the ip address of the school and the main server is running win 2003 server edition

the command prompts and right clicks are disabled on each regular user's computer.

there are only two admin accounts: "smith" and "jenkins" (for example)

i've found that the maximum length for any password is 8 characters.

here is my battle plan on monday

1. scan for a wireless network and hope to get on.
2. run iNet
3. go to 192.168.1.1 or 192.168.2.1 and hopefully log on with the admin/admin or root/root password set.
4. if i am able to do this, i can open ports on the network and re-route traffic to a different ip address.
5. i will re-route the router to my home network and then run ettercap (lan analyzer)
6. ettercap will be used to sniff for entered passwords over the network
7. using 192.168.1.1 i will disable the i-prism internet policy for access.

i'd say maybe a 30% chance of success with the above method

here is my plan on tuesday

1. log on a school computer using a teacher's username and default password
2. go to logmein and set up a backdoor of sorts.
3. see what teachers are able to do- maybe they don't have command prompt disabled?
4. idk where to go from here

how does this sound? i know it may be somewhat flawed.


A few simple tricks/tips

the at command - easy to use and allows you to open up task manager.

if cmd is playing up try command.com

50% of the time the local administrator user account will have no password.

ophcrack live CD is ideal for getting local account details.

Once you're logged in or have admin rights by killing explorer (if done right and with poor protection it will restart with admin rights) or using the at command, create a local user admin account. Then simply install VNC or a program of your choice.

The website will be a bit more tricky, but once you're on the network you should be able to scout for spreadsheets and text files with ftp or other settings.

I'm jealous as hell about this as it would allow me to toy to my heart's content (I got bored with my college's security after I made a quick application which allowed me to disable their security and give me admin rights almost instantly).


An easyish way to get a teacher's password is to find a reason for them to enter it in if they are a slow typer (this happened to me, I knew the pass but I didn't even bother using it). Still, do it, by the look of some people's posts it is a real good opportunity, if I knew enough about security penetration I would really want to be able to test it out like you get to.


Try making zip files and loading them from inside the zip file. It usually works. Note that the program has to be either a portable version or a version that doesn't require installation, since you still won't have access to the required areas for installation.


Why don't you just reset the local admin password on a computer that is on the network then reset the domain password? All the tools needed are freely downloadable on the internet.


thank you for your replies. i had a talk with the administrator today. he was surprised to see my interest in computers as he has fixed my mother's computer several times.

he said that we are welcome to do any analytical work this weekend but we are not permitted to start the serious stuff til monday. he explained that i have to document everything i do even if it fails.

today:

i scanned the network with my ipod touch. it does not have a password. unfortunately the network does not seem to be compatible for my ipod touch, so on monday i'll have to use my psp to scan.

i also might try to access the router using a computer in school


If the PSP doesn't work and you still need to find a network, I'd recommend getting a $0.99 app for your touch called WifiTrack. I have a similar free app (which has since been discontinued) that often picks up on networks the internal finder doesn't find (usually lower-signal ones) and makes it easier to connect to the ones with lower signals. Just in case. :)

 

The iPod Touch and iPhone alike both pick up 2.4GHz frequencies and they cannot detect 802.11n standards or 5GHz frequencies. Should the school network be either one (or both) of these, then no software will help. It is also possible that they have turned off the broadcast of the SSID (which is more likely) and you will need to know both the username and password.
that's what i'm using :D


phish the admin =p would be hilarious

I phished our school techie's password with a little photoshopping and vb.net programming. (fake novell login window) I am tight with him so I told him what I did and he still hasn't changed his password.

yeah i did something similar last year to mess with a friend, also a fake novell login =p


It'd be good to know a few things;

What browser is used on the school computers?

What Content Management System (if any) does the school website run? Try and find out which version too (vulnerabilities).

Is the BIOS password protected on the school computers?

--> Boot Ubuntu Live CD etc.

Try basic URLs; 192.168.*.*

Try to find the IP of a currently logged in Teacher and change the port (Remote Desktop programs may be running on the network) --> 192.169.0.56:5800 etc.

Print a Printer data/information sheet, usually gives you a whole lot of information on the network and its various IP addresses.

Try http://intranet/ (I managed to get the admin password to the School website from a Microsoft Access file as they had left the intranet open. (I did not take advantage of having an admin password - not a hacker & a stupid thing to do))

Brute force password on school website.

Of course, I don't recommend doing anything like this normally, hacking won't get you anywhere if you're wearing a black hat.

The Ubuntu Live CD is what I was thinking. Although I get the feeling that school computers would not be set to run straight off of the CD drive. That is easily circumvented if the option is available to change the boot settings at start-up. I've actually been meaning to try it sometime with my school computers and a USB thumb drive. Of course, using the Ubuntu Live CD would just let you get around the limitations on the computer, you'd still have to get into the network and school database.

This would be incredibly fun to do, although I'd hate for it to end with someone with no technical experience stumbling across one of the holes.


At my school, each student is supplied with a laptop with extremely restricted capabilities as a normal user, so in order to give us access to power user with command prompt access, we simply turn off the wi-fi while it is connecting to our account on the network.

Also, in order to get administrative privileges, try re-formatting a flash drive to boot Knoppix, unscrew the hard drive, and it should automatically try and boot from a disc or external memory (your flash drive). After that, either grab the S.A.M files on the computer (where all the passwords are stored) or run rainbow tables, which should be easy if the passwords are short.

hopefully this will supply you with all the information you need ;)


If they haven't password protected the BIOS, you can have a lot of fun destroying computers. My friend and I were bored one day and we decided to get to the BIOS Settings (Hold Delete at loading or something) and just changed everything. The computer pretty much got screwed. Then they added passwords to the BIOS on every computer.
