Hacking challenge...

[phatj]

Are you sure you're not trying to access your teacher's gradebook? I don't know of any teachers that would ask someone to hack into his computer.

 

[neonerd]

Originally posted by: phatj
Are you sure you're not trying to access your teacher's gradebook? I don't know of any teachers that would ask someone to hack into his computer.

brand new laptop...first off, he doesn't have anything on there yet, second off, its on a poor/needs imporvement/good/excellent scale, and he doesn't even o grades....not a single person in the school gets anything xcept good...so no, im not trying to access his grades or anything

 

[Ameesh]

Originally posted by: CorporateRecreation

Originally posted by: Kaputnik03

Originally posted by: CorporateRecreation
Also your description is very vague. What kind of network is the computer on?

it's on a network with the rest of the school computers...they can pretty much see each other, but the administration computers, including his laptop are password protected.

If you can find out some information about the physical topology of the network you might be able to do some work on the Adress Resolution Protocol.

the guy doesnt even know what a buffer overflow is, you expect him to anything about ARp let alone how to spoof his teachers machine and lets say he even got as far as spoofing his teachers box, to what end would that help him get into his teachers computer.

 

[Ameesh]

Originally posted by: SammySon

Both XP computers.....there's a chance though ours will be 2000 pro

Good luck. You need a flavor of unix to really do anything.

ARP or DNS cashe poisoning could be a good bet.

wtf are you talking about?

 

[konichiwa]

Get him to install IIS, then do the old IIS buffer overflow. Done and done.

:beer:

 

[thomsbrain]

boot with windows 98 floppy. fdisk. format c. 🙂


actually, a lot of my high school teachers had their macs completely unsecured on the network. i used to check my grades that way. although it was very tempting give myself a little boost here and there, i never once changed my grades.

 

[glugglug]

Do people on this network have domain accounts they log into or does the teacher just log into an account local to his laptop?

If they are domain accounts are there any Win98/ME machines in this domain? If so this would require copies of the passwords in the SAM file be encrypted in LANMan format which can be cracked in seconds with tools you should be able to find online.

Also, odds are 192.168.xxx.xxx or 10.xxx.xxx.xxx or whatever the school uses for the LAN will all be configured as trusted IPs in whatever firewall he puts on there which presents you a lot of holes if so....

 

[BeauJangles]

check out some security sites for the latest windows exploits.... if he isn't going to update it, just run the RPC exploit and you'll be in like a hot knife through butter.

 

[glugglug]

RPC exploit won't work if the firewall is properly configured. But if he can log into the laptop on the network, it isn't properly configured.

 

So if the other two guys know what they are doing, or atleast you say they do, how the hell did you get involved?

 

[Twista]

where can i download windows 2003 server full? ?oh wait... i was told to get it from somewhere.

 

[PowerMacG5]

So what if the computer is password protected? A true 1337 h4x0r would have no problem with that.

 

[neonerd]

Originally posted by: Phocas
So if the other two guys know what they are doing, or atleast you say they do, how the hell did you get involved?

i'm not big on security...i kno my way around computers, but security and hacking diff story...i wanna learn more about all this security stuff

 

[Gravity]

Too funny. Um, you mean hack via a hub or switch? Hmm..if it's just the password it would be easy, lotsa tools to do that with.