Hacking into College
07Jul06
Author: Sky Ugh, who can be contacted at Ughster@gmail.com
Note: These methods can be used on most networks, but I am focusing mostly on colleges/schools, so the article makes several assumptions because of this. For example, most public colleges have Windows-based networks, so the tactics discussed in this article will be more useful if the target network is running a Windows OS. Also, this is a n00b article. If you are a pro, you might as well pass on this post.
Warning: You can get into a lot of trouble by messing around on your college computers. In no way do I suggest you use the information below to actually try and hack into your college. This article is just to demonstrate how it would be done and what would be possible if you did manage to accomplish the task.
The main goal with any of the methods listed below is to obtain access to an account with sufficient network privileges, and it’s all uphill from there. To be clear, there is a very big difference between a network administrator and a local administrator. A local administrator is only an administrator on one computer, and cannot access other computers over the network. This is virtually useless unless you just want to mess with files on that particular hard drive. On the other hand, a network administrator has access to all the other computers linked to the network, among other things.
Useful Tricks
There are a few tricks that may help you get past some of the college security features and restrictions along the way.
First off, one of the most annoying things that colleges tend to do is use an internet filter that blocks sites it shouldn’t. The first way I know to get around that is to use a proxy, which is generally pretty effective.
http://www.browseatwork.com
http://www.proxify.com
http://www.novalok.net
Those are a few easily accessible web proxies. If they are blocked, you can try doing a Google search for “cgi proxy” or “php proxy” to find one that works. Alternatively, you can use Google’s “cache” feature to get into sites which are normally blocked; however, this does limit your interaction with them.
I also suggest you take a look at a previous post on BotHack explaining how Your Freedom can help you Bypass Proxies.
I have also read that if you use the command prompt to ping a site using the “ping www.website.com” command to get its IP, putting “http://websitesip” in the address bar will get around the filter.
Speaking of the command prompt, what happens if your college has disabled the command prompt? First off, make sure it’s disabled. Go to Start > Run, then type cmd; if that’s disabled, try the same thing except type command. If for some reason Run is disabled, open the Task Manager by pressing Ctrl+Alt+Delete. Once it’s open, click on “File > New Task (Run)”. If your college has gone as far as to disable the Task Manager, there are programs which mimic the Task Manager that you can download.
Anyhow, let’s say none of the above methods worked. Don’t fret, we can just make a new command prompt. Open up Notepad and type in this:
@echo off
command
@echo on
Save it as a .bat file, then open it, and you should have a functioning command prompt.
Sometimes network administrators get really paranoid and decide to disable primitive functions, like the Start menu, or the ability to right-click on things and move icons. Sometimes pressing Alt+Enter can unlock the Start menu. In the event that the network administrator has disabled the ability to save files onto the C drive, I would suggest trying to bring a floppy disk or a flash drive to college, and seeing if you can save files on there.
Anyway, onto the actual part where you hack into your college.
Method One: Command prompt
Most of the articles I’ve read that concern this topic involve using the command prompt and batch files to add/delete/change the privileges of the users on a computer.
In the command prompt you can use this command to create users on a computer:
net user usernamehere passwordhere /ADD
This command can be used to change the privileges of a specific user:
net localgroup administrators usernamehere /ADD
Wow, that’s pretty neat, isn’t it? You’ll be an admin at your college in a matter of seconds.
Too bad it won’t work on any network with an admin who knows how to create accounts with different privileges. Unless you already have access to a privileged account, or your college is REALLY retarded with computers, this method is not for you.
About the only useful thing you can do with this method on a restricted account is use this command to message other users.
net send domainhere userhere(* for all users) "message here"
And that still isn’t very useful, although it might be a good way to pull a prank on a computer illiterate friend.
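Seen from the admin's side, both net commands above leave a trail in the Windows Security log when they succeed, provided account-management auditing is enabled. The following is an added example (not part of the original article) that correlates account creation with additions to the local Administrators group; it assumes event IDs 4720 and 4732 as used by current Windows versions, and the record layout, host names, account names and the allow-list are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample: Security-log events reduced to the fields used below.
# 4720 = user account created, 4732 = member added to a local security group.
SAMPLE_EVENTS = [
    {"id": 4720, "time": "2024-03-04T10:15:02", "host": "LAB2-PC07",
     "subject": "student42", "sid": "S-1-5-21-1-2-3-1105", "name": "usernamehere"},
    {"id": 4732, "time": "2024-03-04T10:15:09", "host": "LAB2-PC07",
     "subject": "student42", "sid": "S-1-5-21-1-2-3-1105", "group": "Administrators"},
    {"id": 4732, "time": "2024-03-04T11:30:00", "host": "OFFICE-PC01",
     "subject": "netadmin", "sid": "S-1-5-21-1-2-3-1001", "group": "Administrators"},
    {"id": 4720, "time": "2024-03-04T12:00:00", "host": "OFFICE-PC02",
     "subject": "netadmin", "sid": "S-1-5-21-1-2-3-1106", "name": "newteacher"},
]

def new_local_admins(events, approved=("netadmin",), window_min=10):
    """Flag additions to the local Administrators group.

    Returns one dict per 4732 event made by an account outside `approved`
    (a hypothetical allow-list of admin accounts). `fresh_account` is True
    when the added SID was created on the same host within `window_min`.
    """
    approved = {a.lower() for a in approved}
    window = timedelta(minutes=window_min)
    created = {}  # (host, sid) -> (creation time, account name)
    alerts = []
    for ev in sorted(events, key=lambda e: e["time"]):
        when = datetime.fromisoformat(ev["time"])
        key = (ev["host"], ev["sid"])
        if ev["id"] == 4720:
            created[key] = (when, ev["name"])
        elif ev["id"] == 4732 and ev["group"].lower() == "administrators":
            if ev["subject"].lower() in approved:
                continue
            born = created.get(key)
            alerts.append({
                "host": ev["host"],
                "by": ev["subject"],
                "account": born[1] if born else ev["sid"],
                "fresh_account": bool(born) and when - born[0] <= window,
            })
    return alerts
```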
Method Two: The Network
This method is the one I have been most successful with, and while a network administrator who really has his act together may have a completely foolproof network, most don’t.
This tactic consists of browsing the shared files of all the computers on a network. Most of the colleges that I’ve attended have neglected to put restrictions on the majority of their shared folders, and you can generally find some very interesting files using this method.
First of all, you need to find the list of all the computers on the network. Generally speaking, this is pretty easy; however, if the computers are really secure it might be a bit more difficult.
On most networks, it will be as easy as following this path:
My Network Places > Entire Network > Microsoft Windows Network
This should bring you to a folder that has a list of different workgroups, at least one of which should contain the majority of the college’s computers. Getting to the shared folder on a computer should be as simple as clicking on the computer, or typing \\computername in the address bar.
If for some reason your college has these functions disabled, go to the command prompt and type “ipconfig /all”. This should display your IP as well as some other information, such as the gateway IP. Type \\iphere in the address bar and it will access the computer’s shared folder. Play with the last number in the address by changing its value to get into other computers’ shared folders. The gateway IP has some interesting things on it sometimes as well. In some cases, the gateway IP will be the address of the college’s router, in which case typing http://gatewayiphere may allow you to access and change the router’s settings.
Most colleges name their computers appropriately, either by room number, department, section of building, or something to that extent. Most of the time there will also be a few computers that don’t follow the general pattern of names. These computers generally hold some importance, and are often major servers.
Anyhow, for now just browse the shared folders and see what you can find. Check teachers’ computers for test answers. Check principals’ and counsellors’ computers for student databases, or locker information.
Explore every folder you can; sometimes you’ll get lucky. At one of the colleges I attended, the network administrator left a copy of his “my documents” folder on a computer named “test server”, and it was accessible to anyone. Within that folder he had various spreadsheets containing lists of staff passwords, as well as the master password to their copy of VNC (a program that lets you remotely control desktops) that they had installed on all of the college’s computers.
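The “test server” story comes down to a share whose permissions let any account in. As an added example (not from the original article), this is an audit an admin could run over an export of share permissions to find such shares first; it assumes a CSV produced on a current Windows file server with Get-SmbShare | Get-SmbShareAccess | Export-Csv (columns trimmed), and the share, domain and group names are constructed.

```python
import csv
import io

# Constructed sample export: one row per share ACL entry.
SAMPLE_CSV = """\
Name,AccountName,AccessControlType,AccessRight
Grades,CAMPUS\\Registrar Staff,Allow,Change
AdminDocs,Everyone,Allow,Full
Labs,CAMPUS\\Domain Users,Allow,Read
Labs,CAMPUS\\Lab Admins,Allow,Full
Exams,Everyone,Deny,Full
Exams,CAMPUS\\Faculty,Allow,Change
"""

# Principals that effectively mean "anyone who can log on to the network".
BROAD = {"everyone", "authenticated users", "domain users", "users",
         "anonymous logon"}
RANK = {"Read": 1, "Change": 2, "Full": 3}

def audit_shares(csv_text, min_right="Read"):
    """Return [(share, principal, right)] for Allow entries that grant a
    broad principal at least `min_right`, most permissive first.

    Only share-level ACLs are checked; NTFS permissions on the folder
    still apply on top and need their own review.
    """
    floor = RANK[min_right]
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["AccessControlType"].strip().lower() != "allow":
            continue  # Deny entries never widen access
        principal = row["AccountName"].strip()
        short = principal.split("\\")[-1].lower()  # drop DOMAIN\ prefix
        right = row["AccessRight"].strip()
        if short in BROAD and RANK.get(right, 0) >= floor:
            findings.append((row["Name"], principal, right))
    findings.sort(key=lambda f: (-RANK[f[2]], f[0]))
    return findings
```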
Method Three: Shoulder Surfing & Social Engineering
This is the method that requires the least computer literacy. You can attempt to watch someone who has a privileged account type in their password, and if you have a good enough eye you might be able to figure it out. Alternatively, you can try to get someone with a privileged account to trust you with their password.
Method Five: Keyloggers
If the above methods fail, you can try to install a keylogger on a machine at the college to obtain a privileged login. However, any college running a decent firewall or virus scanner will be able to render your keylogger useless.
However, if you have the money to blow, you can invest in a hardware keylogger, which you can physically attach to the computer to steal people’s passwords.
Method Six: Remote Hacking
So, let’s be honest, the previous methods barely qualify as hacking, but this method involves hacking into their servers from your own computer.
If you’re concerned about getting in trouble, I would definitely not recommend this method, as it’s not exactly discreet.
Go to your college’s website; if you don’t know it, you should be able to find it by googling your college’s name. Now then, every college is going to have an E-mail system of some sort. Most of the time, every teacher and person of importance will have an E-mail account with the college. You’ll have to figure out how your college formats its employees’ E-mail log-ons. For example, at my old college, if a teacher was named John Smith, his E-mail would be jsmith@mycollege.org, and all the other teachers would have an E-mail address that followed that rule.
Now then, use a port scanner such as nmap to scan your college’s website for a port using POP3, or some other type of mail service. At this point it’s just a matter of getting hold of a brute forcing program such as Brutus, and assaulting the privileged user’s E-mail account. Chances are his/her E-mail password will work on his/her computer log-on as well.
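A brute-force run like this is loud in the mail server's authentication log, which is what “not exactly discreet” means in practice. An added example (not from the original article) of how a defender would flag it, including the case that matters most given the password-reuse point above: a successful login right after a burst of failures. The log format, addresses and account names are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in a simplified, hypothetical mail-auth log format.
SAMPLE_LOG = """\
2024-03-04 09:00:01 pop3 login FAIL user=jsmith ip=203.0.113.9
2024-03-04 09:00:03 pop3 login FAIL user=jsmith ip=203.0.113.9
2024-03-04 09:00:05 pop3 login FAIL user=jsmith ip=203.0.113.9
2024-03-04 09:00:06 pop3 login FAIL user=mjones ip=198.51.100.4
2024-03-04 09:00:07 pop3 login FAIL user=jsmith ip=203.0.113.9
2024-03-04 09:00:09 pop3 login FAIL user=jsmith ip=203.0.113.9
2024-03-04 09:00:12 pop3 login OK user=mjones ip=198.51.100.4
2024-03-04 09:00:40 pop3 login OK user=jsmith ip=203.0.113.9
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) pop3 login (?P<result>OK|FAIL) "
    r"user=(?P<user>\S+) ip=(?P<ip>\S+)$"
)

def detect_bruteforce(log_text, threshold=5, window_s=60):
    """Return [(ip, user, kind)] alerts in log order.

    "bruteforce": `threshold` failures for one (ip, user) inside `window_s`.
    "success_after_bruteforce": a later successful login for a flagged
    pair, meaning the password is known and must be reset everywhere.
    """
    window = timedelta(seconds=window_s)
    recent = defaultdict(deque)  # (ip, user) -> recent failure timestamps
    flagged = set()
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore lines in other formats
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        key = (m["ip"], m["user"])
        if m["result"] == "FAIL":
            q = recent[key]
            q.append(ts)
            while ts - q[0] > window:  # slide the window forward
                q.popleft()
            if len(q) >= threshold and key not in flagged:
                flagged.add(key)
                alerts.append((*key, "bruteforce"))
        elif key in flagged:
            alerts.append((*key, "success_after_bruteforce"))
    return alerts
```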
Using Your Privileged Log-on
OK, hopefully one of the above methods worked. Now the question is, what can we do with our privileged log-on? Hopefully your log-on is a network administrator; if not, you should continue trying to get hold of one.
First off, we can browse all the computers on the network, except it isn’t like before where we can just view the shared folders, now we can check out their C drive, read their personal documents, or delete them if we want.
To get to the C drive of a computer on your network, you enter \\computername\c$ in the address bar. If you have a privileged log-on and that doesn’t work, try replacing c$ with admin$; this will put you in the Windows folder.
So now you most likely have access to all your teachers’ tests, all the confidential information the counsellors keep, and all the discipline records and locker information the principals keep. You’ve got a lot of power in your hands at this point. For example, you could plant porn on a teacher’s computer and get them fired, or completely destroy a teacher’s lesson plans. If you know the main server the college uses, you might be able to get in and edit the college’s website, or maybe get rid of that pesky internet filter. Find the computer with all the yearbook stuff and edit the pictures. Send E-mails to teachers under the principal’s name. You’re in complete control.
The best part is that colleges utilize more and more technology every year; most colleges these days have online grade books. If you use your privileged login to get into that, you can probably change grades, attendance, seating charts, and various other things. Just use your imagination.
Not Getting Caught
If you used method six to obtain passwords, you’re on your own, as brute forcing is a very obvious method, and you’re liable to get caught if they find out. IP addresses are easily traced.
Now then, that aside, there are a few important things you should do, or rather, not do, to avoid getting caught.
First off, it’s not a good idea to tell a lot of people about your abilities. I know it’s in human nature to boast, but the more people who know, the easier it is to get caught. If you go around telling everyone you can change grades and such, before you know it random people will be asking you for favors.
Secondly, it’s important to remember that a lot of things on the computer are traceable. For example, every time you open a file on a computer, it can log the account that did it, and at what time, and possibly from what computer. If you pull a dramatic stunt that attracts attention to your college’s lack of security, you might get found out.
Lastly, if you’re doing malicious things on the college’s computer, don’t be stupid; make sure a teacher isn’t watching.