
Do IT admins get any dumber than this?

Discussion in 'BlackHat Lounge' started by master.nightmare, Mar 16, 2011.

  1. master.nightmare

    master.nightmare Newbie

    Joined:
    Mar 16, 2011
    Messages:
    0
    Likes Received:
    2
    My high school has probably the worst IT department anywhere. First of all, we use Twotrees Shelterbelt for our proxy. It is insanely easy to bypass using UltraSurf, yet it blocks everything worth two shits (including Bing, which is strange considering our entire district is run on MS Windows).

    A few months ago, as I was exploring our system a little bit, I noticed something... In Active Directory, they appended our school ID numbers to our last names! These ID numbers are supposed to be secret and can be used to access the gradebook, state testing, along with other resources. Best of all, you can buy lunch using someone's cafeteria account by simply using an online barcode generator, plugging in the ID number, printing it out, and scanning it in the lunchroom. So all you do is open a contact search, punch in the display name (which is Last, First), and the ID number pops right up (example: John Doe12345). Kid stuff. And our dumb admin probably thought that only he could access it.
     
    • Thanks Thanks x 2
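For administrators checking their own directory for the exposure described in the post above, here is a sketch of an audit for ID numbers embedded in attributes that ordinary domain users can read. This is an added example, not part of the thread; the attribute list, the five-digit ID pattern and the sample records are assumptions.

```powershell
# Added audit example. Attributes listed here are ones an ordinary
# authenticated domain user can normally read through a directory search.
$ReadableAttributes = 'DisplayName', 'Name', 'SamAccountName', 'Description', 'Mail'

function Find-EmbeddedId {
    param(
        [Parameter(ValueFromPipeline)] $User,
        # Assumed ID format: a run of exactly five digits, as in "Doe12345".
        [string] $IdPattern = '(?<!\d)\d{5}(?!\d)'
    )
    process {
        foreach ($attr in $ReadableAttributes) {
            $value = [string]$User.$attr
            if ($value -match $IdPattern) {
                # Report the account, the attribute and the offending value.
                [pscustomobject]@{
                    Account   = $User.SamAccountName
                    Attribute = $attr
                    Value     = $value
                }
            }
        }
    }
}

# Constructed sample records standing in for directory objects.
$sample = @(
    [pscustomobject]@{ SamAccountName = 'jdoe'; DisplayName = 'Doe12345, John'
                       Name = 'John Doe'; Description = ''; Mail = 'jdoe@example.edu' }
    [pscustomobject]@{ SamAccountName = 'asmith'; DisplayName = 'Smith, Ann'
                       Name = 'Ann Smith'; Description = 'Student 67890'; Mail = 'asmith@example.edu' }
    [pscustomobject]@{ SamAccountName = 'blee'; DisplayName = 'Lee, Bo'
                       Name = 'Bo Lee'; Description = 'Class of 2012'; Mail = 'blee@example.edu' }
)

# Flags jdoe (DisplayName) and asmith (Description); blee is clean.
$sample | Find-EmbeddedId | Format-Table -AutoSize

# Against a live domain (requires the ActiveDirectory module):
# Get-ADUser -Filter * -Properties DisplayName, Description, Mail | Find-EmbeddedId
```

Any hit means the identifier is readable by every account that can search the directory, so the remedy is to strip it from the attribute and to stop treating the ID number as a secret for the gradebook or cafeteria systems.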
  2. CoyoteAssassin

    CoyoteAssassin Elite Member

    Joined:
    Jan 3, 2010
    Messages:
    1,863
    Likes Received:
    3,935
    Occupation:
    Full Time IMer
    Location:
    USA
    Are you in high school or are you a teacher?

    If in High School - pretty cool. I used to work with proxies in high school. I hacked more than 50 computers in our school. Things were so easy back then. The next year, they put some kind of system in place. I can't remember the name but I remember some dumb dog always popped up.

    Proxies helped me get past stuff. Back then, it was all the rage to go to CandyStand.com.


    Thanks for the flashback!
     
  3. iwantl00t

    iwantl00t Junior Member

    Joined:
    Dec 16, 2008
    Messages:
    129
    Likes Received:
    51
    Oh man, I remember messing around the network when I was in HS. Good times!

    Lol, how did you get to AD?
     
  4. master.nightmare

    master.nightmare Newbie

    I'm still a student. And I got into AD through the Windows search (you can use the little search assistant (the dog) to search for people/contacts and you change the dropdown from "contacts" to "active directory").
     
  5. CoyoteAssassin

    CoyoteAssassin Elite Member

    It's interesting that you have to use the "dog" for your search (as I just mentioned it), but that is not the dog I used to see (as an FYI).
     
  6. master.nightmare

    master.nightmare Newbie

    I also failed to mention that I proceeded to post people's ID numbers anonymously on their Formspring pages. The reactions were pretty hilarious! If it was a cute girl I usually included a comment about how hot they were for added effect.
     
  7. mintuz

    mintuz Newbie

    Joined:
    Jan 15, 2011
    Messages:
    42
    Likes Received:
    3
    I remember using Google Translate as a proxy to bypass stuff. Just change the URL to en&en or something like that, which translates English to English. I remember doing a net send to every computer as well; that got me banned off the network for a couple of months, though. At university now studying computer networking, so I know how to block some of these "hacks" you have spoken about. Shame they don't teach your admins.
     
  8. master.nightmare

    master.nightmare Newbie

    It's the only way. There's an easier way to get into it through network places that I discovered in my programming class, but that's on its own domain with little security, no LANDesk or Twotrees ID agent. They apparently removed the link somehow on the main domain.
     
  9. antsaoo

    antsaoo Supreme Member

    Joined:
    Oct 1, 2008
    Messages:
    1,292
    Likes Received:
    637
    Nice :p Our high school's idiot system let you do command-line shutdown, for example, and remote installation. So I think if you'd wanted, you could have shut down all the computers in the school's 3 different locations with a batch file :p or run some program.
     
  10. master.nightmare

    master.nightmare Newbie

    Our proxy is set up to redirect Google Translate to some generic online translator which doesn't even translate accurately. At least they attempted that.
     
  11. master.nightmare

    master.nightmare Newbie

    They attempted to block out the command line, but that was easy to bypass by creating a batch file with a specific command that the spam filter on here won't lemme post. But I'm sure most of you know what that command is.
     
  12. Monrox

    Monrox Power Member

    Joined:
    Apr 9, 2010
    Messages:
    615
    Likes Received:
    580
    Man, it's not the hacking that can get you in trouble but the not-covering-your-tracks part. Just like any offline crime.

    Guess what would happen if someone decides to check CCTV records with cafeteria payment logs. And if you don't have cameras there, some simple data mining comparing your buddies' time of purchase and asking them if you were eating / drinking with them on the same date will bust you just as well.

    Even if a sysadmin is a moron, an investigator wouldn't be and logs are becoming the most persistent thing in the world after tax records.
     
    • Thanks Thanks x 3
  13. master.nightmare

    master.nightmare Newbie

    You have a good point here, but our cafeteria doesn't keep very good records. Once my buddy had money mysteriously disappearing from his account a lot faster than he was using it, and my other buddy and I went with him to the nutrition office out of boredom and the cafeteria director wasn't able to pinpoint a problem with his account when there obviously was one.
     
  14. kelli123

    kelli123 Newbie

    Joined:
    Jan 26, 2011
    Messages:
    42
    Likes Received:
    8
    LOL the Dog...wasn't it named Bess?
     
  15. master.nightmare

    master.nightmare Newbie

    What kind of system was this anyway?
     
  16. disposable_zero

    disposable_zero Newbie

    Joined:
    Feb 3, 2010
    Messages:
    16
    Likes Received:
    0
    I think schools always underestimate kids. Usually the school's "IT" is handled by their computer science teacher, who most likely took two courses of introduction to computers in college. They have a Windows Server 2003 For Dummies stashed in their top desk drawer and walk around campus like they're a guru because they can install a firewall. Little do they know the average student can bypass whatever security protocol they put in place with little more than one class period and Google.

    I remember I picked on our IT guy all the time. He installed this new software that locked everything out, and was like "let's see you get around that!". Just CTRL+ALT+DEL'd to task manager and killed the process. Took me all of three minutes. HAhAhaha!
     
  17. zalpriest

    zalpriest Regular Member

    Joined:
    Mar 10, 2011
    Messages:
    254
    Likes Received:
    52
    Occupation:
    SEO, Restaurant Owner
    Location:
    Beach,Florida
    The IT probably just thinks kids in the school are too naive to know how to do all the things you and others can probably do. The thing is if anyone gets caught he will be pleasantly surprised that he got outplayed at his own game.
     
  18. master.nightmare

    master.nightmare Newbie

    Haha, my school is pretty big and actually has a dedicated employee to administer our network, but I've seen him, he looks like a complete dumbarse who probably does exactly what you described. Earlier this year, they figured out that we were using Task Manager to disable LANDesk, Vision, and Twotrees ID agent and disabled it. Took me all of five seconds to use Google to find a Task Manager replacement that's actually a lot more advanced and runs off my USB drive without administrative rights.
     
  19. master.nightmare

    master.nightmare Newbie

    And kick you off the network for the rest of your high school career. My school is really strict with the enforcement of the Internet policy, probably trying to use fear to make up for the lack of security.
     
  20. Chronos

    Chronos Junior Member

    Joined:
    May 5, 2010
    Messages:
    126
    Likes Received:
    294
    I rootkit'd my entire school's identification server, application server, and storage server (both student, teachers and administration) and sent the school district administrators an e-mail (anonymous of course) telling them that their IT sucks, and their system has been breached the past 3 months, and that nearly anyone that knows how to turn on a computer could have planted the rootkit.

    The rootkit was premade, a little bit of knowledge and following a few instructions got me access to EVERYTHING.