i arp poisoned my school.... redirected the webpage used for grades to a local website hosted on my laptop.
also got into the county servers... but that was a hole lot worse then the arp poisin incident.
After I see the outcome of this mess, I might just have to explain to my principle all the security bug in her network, even though she treats me like shit.*FIXED*
man I thought I we were bad by using a permission exploit to put halo CE installers on our student network drives, but then again our tech admin was kickass
I once installed Non Steam Counter Strike 1.6 Non-steam edition from digitalzone on 9 computers... so 3 times a week we had nice lan seshs' lol....next thing you know our new tech teacher installed it on his. Whenever everyone had to do research and read tech news...we had 5 on 5s on the low..because class had 3 rows...other students never knew what was going on 3rd row and why were always quiet
freshman year i made a batch file that stoped the remote vision client from responding to the host... thus preventing the teacher from shutting off the internet.
late freshman year, i bought in halo CE, cs 1.6 and cs:s in on a dvd... all cracked so that we could play on lan, all you had ot do was copy the files to the computer.
beginning of sophmore year, the tech blocked all exe's other than the ones needed (such as word)... we found that renaming halo.exe to powerpnt.exe bypassed that.
mid sophmore year, they switched to blocking the exe's by adding a rule to the anti virus program... i bypassed this by hex editing the executables, thus giving them a different hash then the flaged ones. by this time i had also spread warcraft 3, starcraft, and insergency... every day during the engineering class, we would have an "engineering vs IT" game of halo or css
late sophmore year, i captured a WPA handshake between a router and a teacher laptop.
over the summer i brute forced the WPA key.
begining of junior year, games now included half life 1, half life 2 with a custom config file to give playable fps at school, and portal 1. game distribution was getting hard, so we moved from flashdrives to a FTP. students wanted to play on their laptops, but i did not want to give out the iwreless key, so we hid a rogue access point in both the IT and engineering rooms.
mid junior year, i was bored.... started poking arround in the routers configuration page.... i found a log file generated by a script that was saved to the routers flash memory, i connected to the router using telnet, and navigated to the script, then copied it to the local computer, opened it in notepad++, and i saw the administrators password. i then tested the password on a few things, happened to be the pass for everything.... bypassing blocked websites, local admin account ,network admin account, password to the admins share drive, password to get into the databases in the county, password to vnc into any computer.... yeah....
beginning of senior year, the hex edit method of getting games to run stopped working. now we would boot into linux and create a new folder called xterm in the c:/windows/system32/ directory, we would give this folder read / write permisions.... then put all our games in there. which we could then run. the distributed game pack still existed, but due to this being a challenge to some people, the majority of games were stopped. however we also included a portable version of firefox... already with flash installed, as well as putty, which was configured to connect ot eather my compuet or my friends computer, with an account that only had http redirection enabled (no remote command ability or anything).
mid senior year, i got bored and arp poisoned the school, made the grade web page go to a site that said happy birthday to one of my friends.
i also had access to active directory and what not, so i made a new account called 'ron paul' on every computer, and set the desktop background to a troll face... the account had full admin rights, that got shut down quickly though.... this was before we found the system32 exploit.
My friend did something similar in Stony Brook University...ended up facing a 2000$ fine and ended up working as the network manager on CAMPUS to pay it of, and countinued afterwards. BOSS
Status update, So I handed in a revsied version of that paper to her, and suprise suprise she took offence to it even though I removed all the condecending parts. So she had me write her an appolgy and I'm supposed to give her a revised version of my paper along with a section about me(she says she want to get to know me better WTF) tommorow. She also called some kids in trying to get them to say it was me who installed Fedora not knowing they were some of my best friends LOL. Anyways she probely is going to take my computer "previlages away"...
I use my laptop at school anyways so thats no big deal only problem is lossing wifi they have an HP procurve wireless router that connects to the windows active directory to log you in... So I'm thinking I should install my own router somthing like this http://www.youtube.com/watch?v=aLYU4NeBgew and not broadcast the SSID to bad I don't have the money to spare on an router... The funny thing is it wasint even me who installed Fedora, I'm more of an arch type guy... Anyways I will keep you guy updated...
Also if you guy want to send her a email explaining why I could have not installed Fedora on a computer due to BIOS password pm for her email address... Just tell here I'm you close friend, and you an computer expert and please please dont mention RAZETHEWORLD or TekSyndicate... We don't need a 50 year old trolls (and if your reading this trask a troll is not what you think it is) on here...
hahaha I wish my comp tech was that awsome. To bad it look like he doesnt even understand what an XSS attack is
**link removed**
I love being tech retarted ...as far as the router issue concerned, Id do what I do now and just USB tether my internet connection
Talked to her again this morning... Turns out none of her witness said I installed Fedora hahaha... but one kid said I installed a "desktop modifyer" and removed it at the end of class LOL I asked her what that means and she said, the ways I describe things is so much different than the way normal students discibe thing due to my knowledge, and I must be an suppppppeeeeerrrrr haxxxx0000000033333eeerrrrrrrrrr TM... Anyways I told her a 3 year old could install Fedora... I then showed her the steps to install Fedora aka pressing next and she told me that most users would not be able to do that... I guess she thinks all students are sheep... anyways I could give a fuck if she lets me use the school computers again, they all suck anyways I literly one time saw a kid stick pencil inside the case the stop te cpu fan from spinning and allmost buring out a capasitor that was near the heatsink... anyways I will keep you guys posted.
Not sure if were allowed to talk about this, but is this exploiable :
http://www.sd6.bc.ca/swms/swmsindex.php?page=**inject sql here**
example
http://www.sd6.bc.ca/swms/swmsindex.php?page='
from what I can tell my input is being put through somthing like this:
$value = $_GET['page'];
$result = mysql_query("select ".'$value'." from mytable");
while ($row = mysql_fetch_object($result)) {
echo $row->user_id;
echo $row->fullname;
}
.
if schools in canada are like schools in america, they are complutly unprepared for teaching students computers. They act like we are them and that computers are mystical portals where magic happens.
She called me back into her office today... She said she found some new evidence. She found Firefox portable and WireShark on my school drive. The school comp tech told her that they were password hacking tools LUL. I tried explaing to her that they got copied over with my homework from my USB drive, but she the when on to accuse me of being a dark password stealing HAXXXOR at home. I told her that she could keep my computer privliges and that I would use my laptop at school like I have been for the last year, but she then said I had to use the school computers, just to disagree with me. Anyways I will keep you guys posted...
They seem very ignorant.
well, in all reality... if i was the sys admin, i would be upset if you had firefox portable and wireshark.
wireshark + an arp table man in the middle would allow you to sniff peoples web trafic, such as non ssl passwords. also, with firefox portable and an ssh you could bypass the schools proxy.
now, you did not have putty, nor did you have a program like ettercap or cain. so you would not have been able to rly do anything malicious.
their firewall is a Hardware layer outside the school, also I didn't winpcap so the wireshark installer would be useless... but I'm not even mad about that what angers me is her ignorance, and how she accused me of being a dark evil hacker at home... Anyways school years almost done anyways so fuck her...
I don't know how you stayed calm in that conversation you posted, I really don't. I'm not even a person to get angry quickly and I would have flipped.
I would just constantly call her a noob, NOOB NOOB NOOB NOOB NOOOB NOOOOB NOOOB, you got p4wned!
I think if this happened to me, I'd learn how to hack systems just so I could actually hack the school.