Originally Posted by JackDaniels
lol in answer to your question.....yes i have hacked my school....
started doing it over a year ago and I'm still at it now, i've even written a couple of tutorials on the internet helped people do the same.
my school network is VERY secure....the students have almost NO access to anything except their my documents folder (which of course is stored on the server) and all students use a roaming profile called 'student' which means that they cannot edit the profile and that it defaults once they log off (nothing is ever saved), students have no permissions over local computers and are restricted and hidden from basically all drives except for H: drive (the network drive to my documents)....
right well... one of the admins at the school (the head admin now) was a bit worried about network security and what students could and couldnt access...and he asked me to have a look and see whats possible from a student account.....
well..with no access at all i managed to get the local admin password (boot from floppy disk and use a dosrar program to rar the sam and system files), that gave me instant local admin (after about 5mins wen a good password cracker on the merged password files (Proactive Password Auditor), from there, log in as local admin and run a registry hack that dumps the last 10 users that logged onto the computer or something, this dumped a network admin account
use PPA to run hack against the network server using the network admin credentials and it returned a list of every username/password in the school (includin head teacher which is always fun lol)
i have been working with the ICT department since helped them to secure the network (although it is NOT fully secure as of yet...this is due to the exploits i used being caused by windows being sh*t lol)
i now have a network admin account (done it myself, but had permission from network admin) and have assisted many students/teachers with problems (i'm well known for my hacking in school)
from this i have even comprimised the 'admin' network containing all staff and student details as well as grades/addresses/medial records, i've also accessed the digitial register service as admin, meaning i can mark myself in for lessons even if im not there!
and now have got the security cameras under my control
o ye, also hacked a Mac OS X server as root in the process
Hah. You would have been entirely kicked out by now if you did it where I work. Granted, the network I'm on is a lot more secure, you'd never be able to do that.
For one thing, we don't use a Windows Domain. As for getting local passwords off the local computer, what were they thinking? The local password on the computers I work with are useless. You could get the password, and you wouldn't have any more access to things than you already do. I don't even know why they wanted an Admin password on the workstations. Everyone that logs in is created a dynamic local account with full administrative rights to the computer. We use Deep Freeze Enterprise to lock the computer down so you can't easily make changes to the computer. So, even with the Administrative password, you're not going to do anything. You install or corrupt something, you reboot, and it's all back to normal. Granted, I've hacked the program and disabled/removed it in the past, but it's difficult, and difficult if not impossible from within Windows. You can do it, though, fairly easily by connecting another drive to the machine, and setting the master hdd up as a slave, and mounting the registry from within that, and deleting several keys. You could do it from a boot disk, but it's more difficult, and either way, both of those are slightly noticable if you're trying to do them.
The network admin didn't even know what rights the student account had? That's pretty bad. It's easy to see on ours. And, we know exactly what rights everyone has.
Your workstations sound like they were set up nearly identical to the ones I had at my school. Drives hidden, permissions on the local computer, etc. All easy to get around. One of the funnier part about the Windows security, like when you try to type in "C:\" or something, and it says "Access Denied"
is that you can create a link, like say create a blank html document, and just create something with a link to file://c: and it works just fine.
How, exactly, are you meaning you got the list of all the passwords for everyone? That sounds a little farfetched. I'm assuming you brute force cracked them, IF you did, and that should take quite a while, especially if there's a lot of users. And, You'd think they'd lock you out after like 4-5 invalid password attempts.
Also, most things don't allow the Network Admin to retrieve your passwords. Maybe I just don't know anything about Windows Domains, but I'm 99.99% sure that it wouldn't let you do that either. I know with Novell, and any semi-respectable server, you it wouldn't allow that. You can change the passwords to anything you want, but not retrieve them.
You say your network is very secure. Assuming you WERE able to do all of this, which I'm doubting, then the network IS NOT very secure. It's a huge pos. VERY INSECURE.
You're making it sound like everything that requires an administrative password is the exact same password? That's kind of ridiculous, although I know it happens.
We have hackers/auditors come in like once a year and just tell them to sit and spend all day trying to exploit any hole they can find in our system.