noble_aloof

school network security challenge

If they haven't password protected the BIOS, you can have a lot of fun destroying computers. My friend and I were bored one day and we decided to get to the BIOS Settings (Hold Delete at loading or something) and just changed everything. The computer pretty much got screwed. Then they added passwords to the BIOS on every computer.

I've never understood why people do this. The taxpayers pay for the schools (your parents), and you go around screwing the computers up.

It's just really idiotic and immature to do something like that.



It's not like resetting a bios is hard anyways. Still it's a childish thing to do and just wastes the IT's time.


If you can't connect to the wifi and it's an open connection (no password) it probably has a MAC filter. This would be pretty easy to connect onto though. Find out the MAC of a wireless host and spoof that MAC onto your computer and you can connect.

The router for a school's network is probably not a 192.168 address as that is usually too small for a school network (254 hosts maximum). Try 172.16.1.0 or something similar in the 172.16.x.x range. Or type in ipconfig into the command prompt to get your IP address and it's usually the first address on the address space. For example if your address is a 172.16.1.30 the router is probably 172.16.1.1.

The router may not be accessible by a web interface to begin with as it may only be accessible from a serial port depending on the network configuration.

BTW if you need to get the local admin password it is very easy to do. There are many utilities you can find on Google to tell you the password.

Soon as you get the local admin password you can then start to explore the network and see how it works. Check for simple security holes like if the system is patched with the latest Windows updates and out of date versions of popular programs that can be exploited like Adobe Flash. If there's a simple security hole that's not patched on the network you can pretty easily take the whole thing down with a pre-made virus. Such as my school's network still doesn't have the hole patched that the Conficker worm uses.

If you need to open the command prompt when run is disabled. Open notepad, type in "cmd[Caution: Executable File]" and save the file with .bat at the end and run it. This is a batch file that can be very useful/deadly.

This is for educational purposes only, I am not responsible for any damage caused.



if any of this stuff actually WORKS, then you have the worst school security system ever made. And it sounds like your tech guy knows his stuff, so he'll be working against you the whole time.



If you can, try to make it that when you go on the website, a video of Rick Roll starts and when somebody opens a computer, everybody gets Rick Rolled. That would be sooo funny.


If you can, try to make it that when you go on the website, a video of Rick Roll starts and when somebody opens a computer, everybody gets Rick Rolled. That would be sooo funny.

ha ha... :|

If you can, try to make it that when you go on the website, a video of Rick Roll starts and when somebody opens a computer, everybody gets Rick Rolled. That would be sooo funny.

the video is not called "Rick roll" it is called never gonna give you up. rick roll is the term used when you trick someone into viewing / listening to the video / song.

bob rickrolled suzy

bob wants to rickroll suzy

bob was rickrolled by suzy

bob likes rickroll by rick astley


If you can, try to make it that when you go on the website, a video of Rick Roll starts and when somebody opens a computer, everybody gets Rick Rolled. That would be sooo funny.

the video is not called "Rick roll" it is called never gonna give you up. rick roll is the term used when you trick someone into viewing / listening to the video / song.

bob rickrolled suzy

bob wants to rickroll suzy

bob was rickrolled by suzy

bob likes rickroll by rick astley

win


I don't know anything about the actual security, but recovery questions are a great way to get into accounts. (One of our teachers actually has "Red" and "Ferrari" as answers to favourite colour and car.)


I don't know anything about the actual security, but recovery questions are a great way to get into accounts. (One of our teachers actually has "Red" and "Ferrari" as answers to favourite colour and car.)

I wonder what he would like as a present from someone....not a gray Holden, obviously



Are your school computers RM by any chance?

RM is an education-only brand, and interestingly, their computers are set to boot from a USB over the HDD. So, in theory you could get a portable Linux distro, and run that, and do anything you want.



hey everybody, sorry i haven't updated in weeks. the "challenge" is now over, two older kids cracked the admin's password and thus could do anything they wanted. WE did manage to do something though

i chose to work with a friend, he was the leader of our two person group, so he would have to write the paper.

here's what we did:

came in with PSPs to detect wireless connection, then went to 127.0.0.1 or something like that. it needed a password, however there was some problem with the page where it said "smith" -name protected for privacy. smith is our computer admin's last name. (as i stated before)- the wireless router only sent out a certain type of signal, which my ipod touch could not pick up. if my ipod DID connect, i could have used iNet to portscan and see what was on the network.

i tried many passwords and then remembered something from the beginning of the year.

my last name has an apostrophe in it, and i couldn't log in to the school computers. so at the beginning of the year, mr. smith had to log on and change my information. i remembered that his username was simply "smith". and on his username, from any computer, he could do anything he wanted (including modify usernames and such)

i tried many passwords, but to no avail. i knew i would have to do something different.

i started looking all around the school's website for example (www.school.net) and saw that some pages were viewed through directories.

for example, to view the school calendar- www.school.net/PRINCIPAL/calendar.

so, i decided to go to www.school.net/principal.

access was denied. this was interesting.

next i found a very useful directory. www.school.net/MainFeatures/

i browsed this directory and found a lot of useful documents

through this directory, i went to another directory www.school.net/mainfeatures/johnson (another one of our administrators)

i went home that night and thought about what to do next. the next morning (saturday) i went to the /johnson directory where i found a folder called "troubleshoot". it required a password to view. after several failed combinations i had my friend come over. we continued to try until we found that johnson's first name was the password. now we were getting somewhere.

inside this folder we found many different useful pages. we found a folder titled "08 server switch"- this was when our computers were updated over thanksgiving break in 08. inside this folder there was a folder titled "principal"

there were several old files there, but we finally found a useful one, titled "login"

this was an html file which was sent to our principal from johnson. it said "hello, patrick. incase you are having problems logging in upon returning to school, please use this form to log in to your home page"

it had username, password and then a button to login. for some reason, the button was un-clickable (disabled)

stupidly, we thought we had to be in school to do this. the next day in homeroom we tried it but the button was still disabled.

when i went home that night i decided i would use firebug, and to my surprise, i could enable the button!

i had a lot of work that night so the next day i had my friend over.

we went to the directory, enabled the button and entered our login information. upon clicking it we were redirected to www.school.net/principal with plenty of options! success!

we decided not to tamper with anything so we submitted our paper on what we could do and such. the admin was pleased, and we were both placed in advanced computer science!


[size="5"][font="Georgia"][b]Staking:[/b][/font][font="Palatino Linotype"][color="#FF0000"][/color][color="#FFFF00"][/color][color="#00FF00"] 4+ mil[/color][/font]
[font="Georgia"][b]Current Status:[/b][/font][font="Palatino Linotype"][color="#FF0000"][/color][color="#0000FF"] Training defense [/color][/font][/size]

Share this post


Link to post
Share on other sites
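The disabled login button in the post above was only an HTML attribute, so the server still accepted the form once it was submitted. As an added example (not part of the thread), here is a defender's audit in Python that flags leftover login forms whose only restriction is a disabled submit control; the paths, form action and markup are constructed.

```python
from html.parser import HTMLParser

# Constructed sample pages (hypothetical paths, action and markup).
SAMPLE_PAGES = {
    "archive/old-switch/login.html": (
        '<form action="/portal/login" method="post">'
        '<input type="text" name="username">'
        '<input type="password" name="password">'
        '<input type="submit" value="Log in" disabled></form>'
    ),
    "portal/login.html": (
        '<form action="/portal/login" method="post">'
        '<input name="username"><input type="password" name="password">'
        '<button>Log in</button></form>'
    ),
    "calendar.html": "<h1>Calendar</h1><p>No forms here.</p>",
}

class FormAudit(HTMLParser):
    """Record every <form>: its action, password fields and submit controls."""
    def __init__(self):
        super().__init__()
        self.forms, self._cur = [], None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._cur = {"action": a.get("action", ""), "password": False,
                         "submits": 0, "disabled": 0}
            self.forms.append(self._cur)
        elif self._cur is not None and tag in ("input", "button"):
            # <button> defaults to submit, <input> defaults to text.
            kind = (a.get("type") or ("submit" if tag == "button" else "text")).lower()
            if kind == "password":
                self._cur["password"] = True
            elif kind == "submit":
                self._cur["submits"] += 1
                self._cur["disabled"] += "disabled" in a  # bool counts as 0/1

    def handle_endtag(self, tag):
        if tag == "form":
            self._cur = None

def audit_site(pages):
    """Return (path, action) for login forms whose every submit control is disabled."""
    findings = []
    for path, html in sorted(pages.items()):
        parser = FormAudit()
        parser.feed(html)
        findings += [(path, f["action"]) for f in parser.forms
                     if f["password"] and f["submits"] and f["submits"] == f["disabled"]]
    return findings
```

Each finding is a page to remove from the web root, and the endpoint it posts to should authenticate and authorize on the server regardless of which form sent the request.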

Noble, once you got to the principal's "page", what were some of the things you could've done?



it seemed to have a thing where i could send a message to every teacher's email address

i could write a school bulletin

i could edit the calendar

i could edit the school cafeteria survey/menu

a tab said "admissions"

another tab said "athletics"- i'm guessing i could edit the athletic ticker and athletic pages

another tab said "dean of students"-i could view the JUG lists, disciplinary records, fundraiser, class trip, and special event information, funds, messages, etc- this seemed to be viewable by all teachers

another thing that seemed viewable by all was the "teacher center". the principal probably had administrative privileges there.

i didn't look into it, but there was a link to "final exams"

there was also a link to "grading" :ohnoes: :ohnoes:

i'm sure there was more.. i should have seen what else i could have done. hehehe



Noble, I would have gone into grading and set my grades to 100 for computers and tell him that he doesn't need to change my grade, I've already done it.

