E|2r0r_X
August 19th, 2009, 07:53 AM
Thought I'd explain one of the best operations I have ever done.
So, high school is getting *****g, and I just have nothing to do but, help the administrative technician... So, he has me go around working on trouble tickets and what not...
So, I'm in class one day when we received new laptops, some piece-o-shit dells that couldn't do much other then start. So, the teacher tries so desperately to instruct us on how to use them and log in, well no one could log in...
So, the teacher calls the tech. and he comes in to save the day...
He makes all our computers work...But, he tells the teacher,
"the password for the teacher is welcome1"
This is where it all begins...
the school/entire district, uses an email system called "group-wise"
Its some bullshit from Novell. Well, on the schools main site there was a contact list for every staff member stating there emails like
i.e. "kbuckmiller@example.net". This was the user-name.
So, I take those lists and I start guessing...
sure enough welcome1 was the default password, for everything!
I was able to get into VERY VERY confidential information such as SS# and state financial data.
The sweetest thing was that inside of the email system there was a "search" bar that I would simply ask it to show me emails containing words like "Password", and "secret", "confidential".
Soon enough I had everything a hacker could desire from that system.
After Six months of being undetected, I decided to step it up a notch.
I began to go into the secure gradebooks and state information on every student in the district(which i still can) and pull up addresses, phone numbers, emails, grades for the past 9-12 years. I had everything on anybody.
So, last days of school, and I begin planning...
Using the email system I had found a list of all the staffs Names, addresses,home/cell numbers. I decided to give it to some people....
for later use...
Last day of school...
I had been lucky enough to find almost every school website had a login from the main page for admins to add the daily bullshit. Also, they had a forget your password option which gave me all their passwords through the previously hacked emails.
So, I decided to edit all the pages, and my schools pages, teacher websites, and picture galleries.
Instead of "Welcome to BLAH high school"
It read "Hackers Rule the School"
with a ton of binary .gifs scrolling down and spinning green skulls...
Next, the information of the staff...
Someone had printed a thick stack of pages of all of it on a spreed sheet.
and placed them in lockers and the soda machines, the best place was the paper towel rolls in the bathrooms, so when you got a paper towel, you got a list.(I saw people with their jaws dropped, walking to class reading them)
So, I was working with the tech after school when...
"Jesse! we have an emergency! Can you come to the office quick!"
So, he ran off and I left for home...
Three weeks later,
summer school is in session, when I am called to the office...
The vice principles are at a huge table... They call me to sit down...
I see that one of them holds the LIST...
They start to accuse me of doing it...
Then two state agents start to discuss what is happening,
they say that they can find out everything, and it won't take them long, they try to ask me to admit and we can deal with it "in house".
I remained true that I had nothing to do with the list, though I knew of its existence, I did not do it.
they then asked about the websites, which I again refused to have anything to do with. They then pull this Bullshit out of their hats.
"We have a record that you logged into MY computer four weeks ago" said the senior VP.
I told him that was false and that I'd like to see that record of me logging into HIS computer.
He then changed around and said "no, and I said that we have a record of you logging into computers"... (this got him weird looks from even the others)
So, then I did probably the wrong but, gets the point across statement of,
"No Shit I log into the computers, I'm a student, and I work with Jesse, you can ask him just how much I've HELPED with the bullshit you call security, I'm not the only person who knows about welcome1, and I certainly didn't put the list out."
I then shake hands with as many people as would accept and leave...
I talk with Jesse, and apparently, I am free because, the logs were unsuccessful at finding any incriminating evidence. Also, the list didn't have any prints, nor could they find any records of me using the email system.
the data on the spreed sheets was confidential but, not private. Anyone, with the will power can use a public service to find information.
(phone-book, reverse phone-book,internet service)
Also, since it was a PUBLIC school and there was no warning on the email system, anyone can log in and "read" the information but, the moment you physically take the information from the server, it becomes a felony.
Sadly, they could not prove I took anything because, the server did a automatically set mandatory cleaning on the last day of school, destroying everything.
I have not been caught. To this day I use the email system. Though they sent a mass forward to everyone in the district, I use welcome1...
It is extre***y amusing to read the emails from staff about the list and the sites... Some mentioned my name...Others were just confused as fuck...
I have switched focus, and now I perform penetration testing for my school.
Next year, there are kids who I was teaching...
they are true prodigies...
Jack
So, high school is getting *****g, and I just have nothing to do but, help the administrative technician... So, he has me go around working on trouble tickets and what not...
So, I'm in class one day when we received new laptops, some piece-o-shit dells that couldn't do much other then start. So, the teacher tries so desperately to instruct us on how to use them and log in, well no one could log in...
So, the teacher calls the tech. and he comes in to save the day...
He makes all our computers work...But, he tells the teacher,
"the password for the teacher is welcome1"
This is where it all begins...
the school/entire district, uses an email system called "group-wise"
Its some bullshit from Novell. Well, on the schools main site there was a contact list for every staff member stating there emails like
i.e. "kbuckmiller@example.net". This was the user-name.
So, I take those lists and I start guessing...
sure enough welcome1 was the default password, for everything!
I was able to get into VERY VERY confidential information such as SS# and state financial data.
The sweetest thing was that inside of the email system there was a "search" bar that I would simply ask it to show me emails containing words like "Password", and "secret", "confidential".
Soon enough I had everything a hacker could desire from that system.
After Six months of being undetected, I decided to step it up a notch.
I began to go into the secure gradebooks and state information on every student in the district(which i still can) and pull up addresses, phone numbers, emails, grades for the past 9-12 years. I had everything on anybody.
So, last days of school, and I begin planning...
Using the email system I had found a list of all the staffs Names, addresses,home/cell numbers. I decided to give it to some people....
for later use...
Last day of school...
I had been lucky enough to find almost every school website had a login from the main page for admins to add the daily bullshit. Also, they had a forget your password option which gave me all their passwords through the previously hacked emails.
So, I decided to edit all the pages, and my schools pages, teacher websites, and picture galleries.
Instead of "Welcome to BLAH high school"
It read "Hackers Rule the School"
with a ton of binary .gifs scrolling down and spinning green skulls...
Next, the information of the staff...
Someone had printed a thick stack of pages of all of it on a spreed sheet.
and placed them in lockers and the soda machines, the best place was the paper towel rolls in the bathrooms, so when you got a paper towel, you got a list.(I saw people with their jaws dropped, walking to class reading them)
So, I was working with the tech after school when...
"Jesse! we have an emergency! Can you come to the office quick!"
So, he ran off and I left for home...
Three weeks later,
summer school is in session, when I am called to the office...
The vice principles are at a huge table... They call me to sit down...
I see that one of them holds the LIST...
They start to accuse me of doing it...
Then two state agents start to discuss what is happening,
they say that they can find out everything, and it won't take them long, they try to ask me to admit and we can deal with it "in house".
I remained true that I had nothing to do with the list, though I knew of its existence, I did not do it.
they then asked about the websites, which I again refused to have anything to do with. They then pull this Bullshit out of their hats.
"We have a record that you logged into MY computer four weeks ago" said the senior VP.
I told him that was false and that I'd like to see that record of me logging into HIS computer.
He then changed around and said "no, and I said that we have a record of you logging into computers"... (this got him weird looks from even the others)
So, then I did probably the wrong but, gets the point across statement of,
"No Shit I log into the computers, I'm a student, and I work with Jesse, you can ask him just how much I've HELPED with the bullshit you call security, I'm not the only person who knows about welcome1, and I certainly didn't put the list out."
I then shake hands with as many people as would accept and leave...
I talk with Jesse, and apparently, I am free because, the logs were unsuccessful at finding any incriminating evidence. Also, the list didn't have any prints, nor could they find any records of me using the email system.
the data on the spreed sheets was confidential but, not private. Anyone, with the will power can use a public service to find information.
(phone-book, reverse phone-book,internet service)
Also, since it was a PUBLIC school and there was no warning on the email system, anyone can log in and "read" the information but, the moment you physically take the information from the server, it becomes a felony.
Sadly, they could not prove I took anything because, the server did a automatically set mandatory cleaning on the last day of school, destroying everything.
I have not been caught. To this day I use the email system. Though they sent a mass forward to everyone in the district, I use welcome1...
It is extre***y amusing to read the emails from staff about the list and the sites... Some mentioned my name...Others were just confused as fuck...
I have switched focus, and now I perform penetration testing for my school.
Next year, there are kids who I was teaching...
they are true prodigies...
Jack