monitor file access
+ Reply to Thread
Results 1 to 2 of 2

Thread: Hacking High School Systems.

  1. #1
    carlo Guest

    Hacking High School Systems.

    Section *: Accessing the Shared Network

    Computer class (if you have one) is of course a good place to start.
    Your computer class will undoubtedly use a windows operating system
    (not saying this is always the case, but usually...) so let's start
    from there. Usually these computers have two rights, user and
    administrator rights. So our first goal here is to jump from user (the
    privileges you currently have) to administrator privileges. If the
    operating system is Windows *.x then we will look for the *.pwl file
    for the administrator account. This will be labeled according to the
    admin username. You'll find this in the windows directory. Just sneak
    in a floppy disk during class and copy the file to the floppy. Then
    take the file home and use a pwl cracker to crack the file (if you use
    brute force, make the settings lower case letters with *-*0 characters,
    but I'd s***est first trying a dictionary crack. Just collect yourself
    a few word lists). It'll take a while to crack the password so you will
    have to be patient. If the operating system is Windows XP then that
    just makes it even easier. Just grab a Windows 2k CD (download one off
    kazaa or overnet, if you don't have a copy) and sneak it into class.
    Place the CD in and boot up the computer. Then start the Win2k Recovery
    Console, which is a troubleshooting program. This will allow you to
    operate as administrator without even having to bother with the
    password. So now that you have administrator privileges go to "Network
    Neighborhood" and take a look through the network. Copy a few addresses
    (anything that seems interesting), and if the computers used are Win*.x,
    when you go home you can load up your internet browser and type
    "file://[target address]" to gain access. This is network access, but
    not the kind that will allow you to gain superuser access (unless the
    software the teachers use for accessing/modifying/deleting student
    records happens to be installed on the computer, and the password just
    conveniently happens to be the same password that the teacher uses on
    the windows administration account....which is not entirely far
    fetched). If the computer you are using is Win2k (Windows 2000) use the
    newest version of pwdump2 to dump the hash, and then use L0phtcrack to
    break it.

    p.s: If you don't have a computer class, then you can try the computers
    at the library.

    Section 2: Network Exploitation

    Now let's talk network operating systems (NOSs). If your school uses
    Windows workgroups as a NOS, then the method described above would be
    your method in. Most likely, if the NOS is not windows workgroups, then
    it is Novell Netware. So now lets get into novell. Novell Netware is a
    server-based operating system for networks. Novell runs off a version
    of DOS called dr-dos (also known as Caldera DOS, since it was created
    by Caldera Systems Inc). It also runs off a protocol called IPX/SPX
    (Internetwork Packet eXchange/Sequencial Packet eXchange), which is
    very TCP/IP compatible (the later versions of novell run off a protocol
    based off ipx/spx known as NCP, Netware Core Protocol). Now in novell
    netware there are four different kind of rights given. There is user
    which gives access to //public and some other basic files. There is
    superuser, which is the access given to teachers. With this access they
    can view and delete student accounts whenever neccessary, but they can
    not delete, create, or change accounts. There is supervisor, which is
    the access administrators give themselves to work off of. And finally
    there is console, which is the highest rights one could gain on a
    novell network. Now since there have already been many articles
    written on novell network infiltration (and I'm in a lazy mood) I am
    now going to point you in the direction of articles that I had posted
    up from a previous article on a very similar subject (exactly the same
    subject actually, but targeted at a specific school network)...

    Novell Netware v*.x-4.x: [url][/url]

    Novell Netware v*.*2-4.x: [url][/url]

    Novell Netware v5.x: [url][/url]

    There is also AppleTalk, which may be implemented in order to
    integrate the Macintosh computers with the rest of the network, but it
    isn't really necessary to exploit AppleTalk so I won't get into it.

    Now lets get into exploiting the network from a remote location, which
    I'm sure is what most of you want to do. Lets start off with the
    school's website (if your school happens to have one). The best way to
    find out which server the school is using is by telneting into port
    80, but instead of writing the address as it is, change the last
    character of the address from .html or .htm to something like .htmx,
    thereby causing the server to bring up an error which will contain the
    type and version of the server that is hosting the school's website. If
    the server you happen to find is an IIS server, then you can likely
    find a login.asp page on the site. If you do so, then you can perform
    an sql injection on the login.asp page, to gain access into the
    internal network without raising any eyebrows from security (it will
    only log up as an error 500 I believe, though my memory is a bit vague).
    If this is not an option then you can perform a netscan (scan from* - on the netblock, based on the ip
    address that is hosting the web site, in order to find other servers
    (ftp, remote administration, etc.) that you can use to crawl into the
    internal network. For example, the router will usually be addressed on
    *.*. If you do a quick port scan on the router, then you will find
    either/or a telnet server (2*) or snmp (*6*). If telnet is open then
    you can exploit the fact that all telnet sessions are unencrypted by
    using a tool like either J***ernaut, Hunt, or IP Watcher to hijack a
    session to passively sniff out sensitive information (like passwords
    of course). Of course you can also skip all that and just try and crack
    the telnet prompt with tools like brutus. SNMP is protected by
    community strings, but in many cases these are set as default, which is
    "private". If not you can use a community string brute force program
    (for example SolarWinds) to break into the router. There are other
    servers of course that you will find on the netrange that I will not
    get into, because it will be up to you to do the research necessary
    (find out which servers are running and which versions they are, what
    they are vulnerable to, etc). Sometimes you can also do it the old
    school way and perform an exchange scan on the school using a war
    dialer (like you can see on the movie Wargames) to perhaps find an open
    modem that you can break through to send you right into the internal
    network (you may think such methods are outdated, but you would be
    surprised). You can set the area for this scan based on one of the
    public phone numbers for the school district itself. Not the school
    you are attending, but the school district. Since as you may have
    noticed from this article, the internal network is for the school
    district, which are separated into separate networks that are routed
    together. I'm sure school districts are also jumping into wireless
    technology, and it's a possibility (depending on school funding and the
    district's awareness) that your school has also implemented such
    technologies into their internal network in order to provide
    convenience and efficiency for the staff of the school district. For
    an introduction to wireless technologies and how one can exploit such
    implementations then I would highly s***est reading my System Cracking
    2k article (which you can find with a quick google search).

    Note: If the teachers at your school use a program called
    TSIS to manage student records, then usually there will also be a
    TSIS remote login server on the network. Using a scanner you should be
    able to pick up on this. The address is usually...

    [url]http://tsis.(county[/url] name).k*2.(state initials).us

    If you happen to find one of these, then you can probably use a
    technique like passive packet sniffing or http cracking to gain access
    into the internal network.

    Note again: For those who may have noticed, this is a revised version
    of my "Cracking School Networks" article.

  2. #2
    Join Date
    Nov 2005
    [url][/url] - sound familiar?

    If your are the same person, apologies. If not, don't copy other peoples work.
    Last edited by Timelord; 11-10-2005 at 11:05 PM.

+ Reply to Thread

Similar Threads

  1. Hacking Windows Systems.
    By carlo in forum Internet Privacy
    Replies: 2
    Last Post: 11-06-2005, 01:07 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts