Thought I'd explain one of the best operations I have ever done.

So, high school is getting *****g, and I just have nothing to do but, help the administrative technician... So, he has me go around working on trouble tickets and what not...
So, I'm in class one day when we received new laptops, some piece-o-shit dells that couldn't do much other then start. So, the teacher tries so desperately to instruct us on how to use them and log in, well no one could log in...
So, the teacher calls the tech. and he comes in to save the day...
He makes all our computers work...But, he tells the teacher,

"the password for the teacher is welcome1"

This is where it all begins...

the school/entire district, uses an email system called "group-wise"
Its some bullshit from Novell. Well, on the schools main site there was a contact list for every staff member stating there emails like
i.e. "kbuckmiller@example.net". This was the user-name.

So, I take those lists and I start guessing...

sure enough welcome1 was the default password, for everything!

I was able to get into VERY VERY confidential information such as SS# and state financial data.
The sweetest thing was that inside of the email system there was a "search" bar that I would simply ask it to show me emails containing words like "Password", and "secret", "confidential".
Soon enough I had everything a hacker could desire from that system.

After Six months of being undetected, I decided to step it up a notch.

I began to go into the secure gradebooks and state information on every student in the district(which i still can) and pull up addresses, phone numbers, emails, grades for the past 9-12 years. I had everything on anybody.

So, last days of school, and I begin planning...

Using the email system I had found a list of all the staffs Names, addresses,home/cell numbers. I decided to give it to some people....
for later use...

Last day of school...

I had been lucky enough to find almost every school website had a login from the main page for admins to add the daily bullshit. Also, they had a forget your password option which gave me all their passwords through the previously hacked emails.

So, I decided to edit all the pages, and my schools pages, teacher websites, and picture galleries.
Instead of "Welcome to BLAH high school"
It read "Hackers Rule the School"
with a ton of binary .gifs scrolling down and spinning green skulls...

Next, the information of the staff...

Someone had printed a thick stack of pages of all of it on a spreed sheet.
and placed them in lockers and the soda machines, the best place was the paper towel rolls in the bathrooms, so when you got a paper towel, you got a list.(I saw people with their jaws dropped, walking to class reading them)

So, I was working with the tech after school when...
"Jesse! we have an emergency! Can you come to the office quick!"
So, he ran off and I left for home...

Three weeks later,
summer school is in session, when I am called to the office...
The vice principles are at a huge table... They call me to sit down...
I see that one of them holds the LIST...
They start to accuse me of doing it...
Then two state agents start to discuss what is happening,
they say that they can find out everything, and it won't take them long, they try to ask me to admit and we can deal with it "in house".
I remained true that I had nothing to do with the list, though I knew of its existence, I did not do it.
they then asked about the websites, which I again refused to have anything to do with. They then pull this Bullshit out of their hats.
"We have a record that you logged into MY computer four weeks ago" said the senior VP.

I told him that was false and that I'd like to see that record of me logging into HIS computer.
He then changed around and said "no, and I said that we have a record of you logging into computers"... (this got him weird looks from even the others)

So, then I did probably the wrong but, gets the point across statement of,
"No Shit I log into the computers, I'm a student, and I work with Jesse, you can ask him just how much I've HELPED with the bullshit you call security, I'm not the only person who knows about welcome1, and I certainly didn't put the list out."

I then shake hands with as many people as would accept and leave...

I talk with Jesse, and apparently, I am free because, the logs were unsuccessful at finding any incriminating evidence. Also, the list didn't have any prints, nor could they find any records of me using the email system.
the data on the spreed sheets was confidential but, not private. Anyone, with the will power can use a public service to find information.
(phone-book, reverse phone-book,internet service)

Also, since it was a PUBLIC school and there was no warning on the email system, anyone can log in and "read" the information but, the moment you physically take the information from the server, it becomes a felony.
Sadly, they could not prove I took anything because, the server did a automatically set mandatory cleaning on the last day of school, destroying everything.

I have not been caught. To this day I use the email system. Though they sent a mass forward to everyone in the district, I use welcome1...
It is extre***y amusing to read the emails from staff about the list and the sites... Some mentioned my name...Others were just confused as fuck...

I have switched focus, and now I perform penetration testing for my school.
Next year, there are kids who I was teaching...
they are true prodigies...

Jack

niice, gotta love fucking with a school network

Given the matter of "security" being so low (everyone having the same password and whatnot), I don't really know how far the term "hack" applies to this one.

At the most I'd call it an expanded social engineering. You overheard the password being mentioned and then explored it.

I don't really see where any solid, actual "hacking" took place.

Then again, kudos for not being a destructive asshat. I'm sure 90% of the users on this site would have landed themselves in jail for something or another given the same info you had.

I think it would have been decent to backdoor the system in some manner. Most tools that utilize a login have a logging mechanism (varies from vendor to vendor), but backdoors aren't generally logged by anything by the OS itself (just regular old system logs).

Given that I don't think school systems completely reformat their servers over summer break, I think you'd maintain a certain level of access for quite a while if a proper backdoor was set.

Just food for thought.

A tool like netcat would be useful for that as well as some basic host enumeration and port scanning.

Some other and I used simple tools like C&A...

I used Knopix STD... A LOT

It helped for spoofing the MAC addresses, ports, etc.

the schools system booted to a network through a client known as 2x.
Which is a free download at their site. 2x.com

After some toying around we found that we could remote to our houses, or wherever we could. undetected because, all the administrator would see was

"2xapplication" like normal.

The school created a backdoor of its own.

anyone can go to the schools site and log into the server,
because they have the client download on the site, which just remotes you to the server, and gives you a virtual desktop.
you have to log-in, but, that's easy because, I have all the teachers/students log-in info.

While in school you can remote to any computer, then while in that remote session, you go to the site and then again remote to the server.

So, you have three connections. If you want to fuck with the server even more you can use three different log-in's for each remote session.

It really confuses the shit out of the administrator.
The first time I messed with it, Jesse was like, "WTF!"

I will look into that, thanks!

prodigies eh lol