Hacking into a school server

[t.o.t.s.e.]

At my school, we have a server for the entire place. Both students and faculty log on to the same server. Teachers keep test and quiz keys in their accounts on the server.

To access an account for a student, you need to know their student I.D. # for the username, and their password is the last four digits of their social security number.

I'm not sure what the teachers' login info is, but is there some sort of way to hack into the server and take test keys mor myself? if so, HOW?!?!?

[kelsokid18]

Quote:

Originally Posted by t.o.t.s.e.

I'm not sure what the teachers' login info is, but is there some sort of way to hack into the server and take test keys mor myself? if so, HOW?!?!?

1. Stand behind teacher being inconspicuous
2. Watch them login
3. ??????????
4. PROFIT!

[EricFGregory]

First tell us what you have so far. Then we might bother to tell you what you might be able to attain.
Questions like: "Do you have a laptop you can bring with you?" come to mind.
Or: "If not; what is the local security policy like? Can you install things?"
Also: "Would the teacher notice if you booted up a computer in Linux, or replaced or formatted a hard drive?"
And the ever popular: "Can you walk into the LAN closet, sit down at the server and work from there?"

Of course the last twat asking me shit like this was caught doing much less than I ever did and was kicked out of the school.

[zeusy|Nemsis]

Quote:

Originally Posted by EricFGregory

Of course the last twat asking me shit like this was caught doing much less than I ever did and was kicked out of the school.

Welcome to NS&H.
Internet tough guys attitude are not permited in here.
Unless you want the mighty Pr0metheum to put you back in your place.

Refer to the Xpenguin case.

[dragon:one]

Here's some personal advice from back in my school days:
0phcrack live CD. Look into using one if you're on a Vista/XP network. You may get a *few* passwords.

Our Novell network was managed via an app called "ConsoleOne". It allowed the admins to reset any user's Windows or GroupWise email passwords. With the password that I obtained from 0phcrack... I had full run over it.

It was a good day when I found the software folder on their server - folders like "camera surveilance software" with files like "Remote View Client.exe" and "settings.txt" make your day a lot more fun

[Th0r]

One sentence. Don't get caught like I did.

[alex333]

wouldnt a simple keylogger work? itd probably be the easiest way to go

[Lao Tzu]

Quote:

Originally Posted by Th0r

One sentence. Don't get caught like I did.

this.

[Jo Nathen]

try
username - Admin
password - admin

u - 1
pass - 1

I have gotten onto sneaky damn areas when I was in school but guessing user names.

[The Cheshire Cat]

If your school really sucks in the IT department, you could just use your browser to browse hidden directories and such. Networked places too

[Jo Nathen]

Quote:

Originally Posted by Expl0itz

If your school really sucks in the IT department, you could just use your browser to browse hidden directories and such. Networked places too

Firefox portable. Would def work.....

[completelyobvious]

find some kid taking computer networking or something like that, if you school offers that, sometimes the teacher will have the admin password and give it out to the students to do whatever work they do.

ask the kid what the password is, if he refuses, beat him till he does..

once password is in hand, find any computer where no one will see you, login, bust out user manager for domains, add your own admin account, make it something inconspicuous like Smith_jd: go back a couple days later, login, use my network places to find thier homeserver, or whatever, and DIG

[Tokerface]

Put a keylogger on the computer you know the teacher is about to use

[iotaatoi09]

most group password policies aren't going to allow for things like Admin/admin and root/isereet. Keyloggers aren't going to run with DEP settings and you're not going to get it into an admin account from a workstation. However you can capture the packets between your computer and your victim host and gather intel on what platform and software versions your victim server operate. Say you see something like:

00000000 48 54 54 50 2f 31 2e 31 20 34 30 33 20 46 6f 72 HTTP/1.1 403 For
00000010 62 69 64 64 65 6e 0d 0a 43 6f 6e 74 65 6e 74 2d bidden.. Content-
00000020 4c 65 6e 67 74 68 3a 20 32 31 38 0d 0a 43 6f 6e Length: 218..Con
00000030 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f tent-Typ e: text/
00000040 68 74 6d 6c 0d 0a 53 65 72 76 65 72 3a 20 4d 69 html..Se rver: Mi
00000050 63 72 6f 73 6f 66 74 2d 49 49 53 2f 36 2e 30 0d crosoft- IIS/6.0.
00000060 0a 4d 69 63 72 6f 73 6f 66 74 4f 66 66 69 63 65 .Microso ftOffice
00000070 57 65 62 53 65 72 76 65 72 3a 20 35 2e 30 5f 50 WebServe r: 5.0_P
00000080 75 62 0d 0a 58 2d 50 6f 77 65 72 65 64 2d 42 79 ub..X-Po wered-By
00000090 3a 20 41 53 50 2e 4e 45 54 0d 0a 44 61 74 65 3a : ASP.NE T..Date:
000000A0 20 57 65 64 2c 20 31 38 20 46 65 62 20 32 30 30 Wed, 18 Feb 200
000000B0 39 20 30 36 3a 30 37 3a 35 37 20 47 4d 54 0d 0a 9 06:07: 57 GMT..
000000C0 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 ..<html> <head><t
000000D0 69 74 6c 65 3e 45 72 72 6f 72 3c 2f 74 69 74 6c itle>Err or</titl
000000E0 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c e></head ><body><
000000F0 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 69 72 65 head><ti tle>Dire
00000100 63 74 6f 72 79 20 4c 69 73 74 69 6e 67 20 44 65 ctory Li sting De
00000110 6e 69 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 nied</ti tle></he
00000120 61 64 3e 0a 3c 62 6f 64 79 3e 3c 68 31 3e 44 69 ad>.<bod y><h1>Di
00000130 72 65 63 74 6f 72 79 20 4c 69 73 74 69 6e 67 20 rectory Listing
00000140 44 65 6e 69 65 64 3c 2f 68 31 3e 54 68 69 73 20 Denied</ h1>This
00000150 56 69 72 74 75 61 6c 20 44 69 72 65 63 74 6f 72 Virtual Director
00000160 79 20 64 6f 65 73 20 6e 6f 74 20 61 6c 6c 6f 77 y does n ot allow
00000170 20 63 6f 6e 74 65 6e 74 73 20 74 6f 20 62 65 20 content s to be
00000180 6c 69 73 74 65 64 2e 3c 2f 62 6f 64 79 3e 3c 2f listed.< /body></
00000190 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e body></h tml>

one can pick out that the web server is IIS and we know its windows. Pick up the latest M$/IIS zero day and you're golden. However this is still not going to guarantee that you'll be able to do anything. There are a number of different scenarios and you have to learn which is applicable to your current target. A lot of ed networks actually run linux and then vmware windows on top of that. main thing is not to just be a jump in skr1ptk1ddi3 download some pr0n and k0dez but acutually learn the squillz to understand what processes are at work. My first high-school owning consisted of an old well-known exploit that could have been patched but was ignored. You will find this to be the most common case in why a box gets owned.

[Jo Nathen]

Are any high schools using Vista yet? .......

[iotaatoi09]

Quote:

Originally Posted by Jo Nathen

Are any high schools using Vista yet? .......

Probably. Most classrooms are being updated with new computers every couple of years now. In my area all the high school kids even get brand new vista laptops to take home.

[The General]

Yeah haha my school got the software compatable for the computers and some kid found the box's of them opened the up and we all took a copy of windows vista home premium. Sweetest shit ever and the school didn't even notice.

[Vega]

If you're just after passwords, you could break out the soldering iron or spend some money on a hardware keylogger.

DIY method