School Hacking Help

Ok. So at school they have everything tightened up so me and some friends can't do anything apart from take crap from the school ICT technician. Is there a way possible of still getting access to other sites that are blocked or maybe getting access to command prompt as it's disabled.

Bare in mind: Command Prompt is restricted as most things are.

Is there anything possible I could use to hack the school's over protected system?

Lol your school sounds exactly like mine…even HDD is blocked and our tech can view all our screens and on the music computers the little banner with all the back and forward bits on explorer are gone…now who else thinks that just a tad OTT :p Anyway have you tried the dreamweaver exploit to get into HDD then CMD? I havnt tried it yet but im sure it would work (as long as you ahve dreamweaver on your school pcs) there a video on it somewhere in the forums :happy:

I'm guessing your talking about browsing sites that are blocked?

proxys/anonymizers/use ips in url

those are some of the easiest,

contact me on msn/aim if you need more ideas. :)

My school's admin is quite good, but he hasn't yet restricted most things. We have HDD access, cmd, and all that, but some of the weirdest things (like changing system time/date, even tho they are wrong!!! are blocked)

Anyway, how can I mount my iPod as a windows volume? It shows up in device manager but mounting volumes is restricted for non-admin accounts on the computers, and I don't want to get in trouble :p

Normal usb flash drives work quite well, is there any way I can change my ipod's info to make it read like a normal usb drive? Like edit volume info, etc? I don't know how to change a device's description, anyone want to tell me how to do that? because I think the "iPod" in the name is what he uses to disallow them. Makes us go out and actually buy usb sticks… :(

for the record I have a 32mb stick (story for another time), a crumbling 1gb, and an 8gig waiting for me in best buy ;)

Thanks for any info.

[edit] They even block IP addresses… [/edit… to be continued?]

check the hbh articles. they hav a few useful things, but for starters to access a cmd prompt, open notepad, then type command, and save as whatever.bat

for a proxy try backfox.com its self explanatory

for leet proxy's, i suggest proxyElite.net

sounds kinda like my school. however its summer so idk what my new school will be like :D. the main problem with my old one however is that many sites (even ones that we wuld need to acemdemic activities) were blocked. the only way we could ensure getting into the site while at school would to go just pass the broadcast of the wifi that wuld make the block. sometimes getting on the site, then without doing anything to your computer, wuld be the only way around it.

the best proxies to use for schools in the us are ones that arent in english ;) try http://rapper.net

As long as you can use a flash drive, why not try using the san disk micro cruiser. I bought one for work and it comes with firefox. I just dl the add-ons for proxies and such. Makes life easier. You can also try booting various other os's from the drive.

Another option is editing the registry. You can try creating the registry keys in notepad. Also, look at virtual machines. I have vmware player on my flash drive with a virtual install of my favorite os ready to go at a moments notice.

There are tons of ways to get access to whatever. Read the articles on this site for starters. If you need more assistance you can pm me.

I got banned from using the Internet at my school for using a Proxy :P

Andeh wrote: I got banned from using the Internet at my school for using a Proxy :P Bravo, well done! B) if i've done that i'd be arrested rofl

mido wrote: Bravo, well done! B) if i've done that i'd be arrested rofl

i got banned for finding how to insert js into emails in the school email system, they use this crappy thing called gaggle. my it teacher didnt believe me so i sent him an email that gave him a popup saying told you so and shut down his browser. he didnt like being outsmarted by a pupil :( i got suspended aswell and he told me that if i even touched a computer again i wud be out for good. Well i am now out for good but not expelled as i have finished school :D

Lawl, that remembers me by "Hackers (1995)" movie,

** "You dont have permission, to touch or use any kind of computers or phones until your 18th birthday" **

hehe

mido wrote: Lawl, that remembers me by "Hackers (1995)" movie,

[quote]** "You dont have permission, to touch or use any kind of computers or phones until your 18th birthday" **

hehe[/quote]

Oh yeah!

That was a great film, and Angelina Jolie looked hot even with that hair.

@andeh im loving your sig, if only that would work in real life

Yeh, i really loved that movie more than hackers 2 (takedown) and hackers 3 (antitrust)… do you what is the first music (soundtrack) played in names in the first of the movie (after his court…)…and yep, i loved Angelina Jolie, she looked erotic XD…

-Zer0 Cool

koolkeith12345 wrote: @andeh im loving your sig, if only that would work in real life

Yep, tho, it will be:

life is :

int i = 999999999999999999999999999999999; for (int problemssincebirth = 0; problemssincebirth < i;problemssincebirth++)

{ cin >> solution; return death(); }

For mine… i is ++ :(

Lol, thanks koolkeith12345.

Nice rant there Mido ;)

In situations like these, people often get obsessed with bypassing or circumventing or removing software, but it seldom occurs to them to use the software to their advantage. It's like people who can't figure out that the best way to fight the state is to work within the system.

I've always gone for buffer overflow or similar, anything that allows command execution.

And, I have never had to deal with those surveillance systems that watch your screen, that would suck! But, find out how it sends the images. I'd say that the teacher getting no read is worse than a teacher getting a read and maybe seeing you do something bad. the teacher sees no read and they call techies, and the techies print off the logs and fuck you. Not helpful at all, I know, but I don't know what software you use so I can't do much better: find out HOW it captures these images, and find out what it would take to be able to send false data to the capture mechanism.

the following assumes you have a personal workstation or a laptop of some sort you use at school that is only yours… and runs linux regarding blocked websites: look, local machine control won't help: all your requests are routed through a "proxy" (in quotes because that's not, by def., what it is… but VERY similar concept) that blocks out some traffic. Prolly sonicwall or similar. So, try default passes on your gateway. Or… here's what my friends and I always did. We would use macchanger to spoof our macs, so they didn't know who was who. Then, we would use one of our home computers that we were running a web server off of as a web proxy. Turn off images and it's not that bad. eventually, our home IP would get blocked. Fortunately, we all had dynamic IP's, so we would just unhook the router, count to 60 and hook it back in. We used a free hosting site to host a list of our home IP's, and a PHP script I made would edit the appropriate line in the file whenever it's IP was different from what the free host page said (it would wget the file from the free host, use REGEX to check if it's hostname matched it's IP, then edit the file if it wasn't and use FTP to upload the updated file. It ran once every 5 minutes, and each of the scipts were set at a different time to 'start' the 5 minute cycle – so no problems with the file getting overwritten when 2 updated withing half a second of each other). So we didn't need to tell each other if our IP was updated, and what the new IP was. And no need for no-ip.com subdomains that would get blocked. Just go to the free hosting site and pulled the new IP. All of this took about a day to set up: I did all the PHP, one of my friends configured the proxy server for optimal speed and installed it on all our systems, and the other 2 spent the time getting a list of MAC addresses from the school that were registered in the routers but never used (old computers, non-used/outdated labs, etc.), then writing a shell script to be ran at start up that chose one of the macs and change the network card. ^that is a more or less fool proof system. Just have a shell script on your desktop that will exit out of the GUI and cause a shitload of errors, and if a tech person walks purposefully up to you, run it an be like "OH SHIT! WTF?!" – and keep all your shell scripts encrypted while not in use – just in case. Oh, and use the URL encryption options on your web proxy. PM if you need tips or help.

Iframe?;)

Damnation wrote : Iframe?;)

You frame? :p

@deathrape woah you should break your posts up a bit, too much text in a big block.

@mido would you kindly change your sig so that i dont get a password prompt ;) as it is a bit annoying.

social engineering ftw!!!!!

get your admin to do something that requires him logging on and watch him type his user/pass out

my admins 1st name was martin, his user was administrator and his pass was martin and hes a slow typer!!!! i was pretty amazed when i saw him type that out, other user/passes include test/test123 x/x and test/settings

needless to say he wasnt very bright

or if you can get to the server with a pendrive/cd/dvd with this password recovery tool then you have ALL the passes on the network

you could always try getting one of those little usb keyloggers and trick the admin into logging on for some reason.

moshbat wrote:

don't you need admin for the password grabbers?

[edit] yes, it does require admin access rights[/edit]

if your refering to what i said then what i meant was if one of your mates makes a distraction or something and you get to the network server then use that tool and the server has admin rights so you save the passwords in a list and get the fuck out. You then log in as an admin and make an image with all the users/passes and set it as the default background :D and laugh as the it sector goes nuts trying to find out who did it and how they did it :evil:

well, tomorrow I have my first tech class this year. I hope it's networked to the rest of the school… they have like 7 subnetworks under the main one, and as it's desktop publishing (the only comp class I have not taken, so no fun for me senior year :( ) I don't think it'll be connected to the others.

Still, though, I can try out tons of stuff I've learned here. They all use IE, so maybe portable firefox will bypass stuff, and I'm lucky enough to have cmd. Like i said in my first post tho, our admin is actually pretty good, and they update a list of blacklisted urls every day (he has no life). Maybe ff + proxies will work ok tho… hmm… Anyway, I got tons of stuff to try and I'll get back here asap and tell how it went.

hehe i have Desktop Publishing too.. and i start tomorrow oddly enough ^^… but yea FxPortable… doesnt work well with the bypassing.. i'm still favoring the idea of using a home computer…make it a server :) and run it as a proxy if you have a dynamic IP ^^ should be quite useful

moshbat wrote: Why don't you just stick to the absurd rulesQ? Stupid teenagers with stupid adrenaline addictions do stupid things. And, it gave us something to do on saturday nights. But now I'm got a girlfriend, half the guys are graduated and everyone else constitutes of 3 people, who were the annoying noobs in the first place. So that's what I'm planning on this year, before I get banned. It's only another year and there are more exciting things.

Or, unplug the network cable here's an idea: we use macs – meaning built in wireless nics. And only some labs are pass protected. So, plug a wireless router in somewhere near, use the build in wireless card, and now you're in a different subnet so they aren't watching your screen. If you could find a way to install a NIC in one of machines… good luck :p

@ damnation: with iframes, the user's browser is still accessing the site. So they will still end up blocked. Includes will work, though. But then, why not just use proxy software?

@mido: please, PLEASE change your profile picture… it's in a pass protected directory… it's getting annoying :( Thanks :)

@moshbat: no, keyloggers don't need admin rights – use a physical keylogger.

@johnjuan728: it's the way to go. My method was obviously a bit… over the top. But it was a fun project for us, and we each focused on something we wanted to learn more about and contributed at $0.02 to the project. Me, PHP's socket programming library. Some of the guys wanted to learn linux, so they did the shell scripts. And then steve, the guy who did the cgi stuff, had a girlfriend, so we had him spend 5 seconds editing a config file and writing it to a flashdrive, then copying it to are /var/www directories before he left :p So, modify the method to match whatever you want ot learn more about.

Desktop Publishing… wtf is that? We don't have any good tech classes at our school: the best one is concepts in engineering, which scrapes the surface of boolean algebra. Boring stuff.

I dont know what Desktop Publishing is supposed to be… but in the class we sit and play with photoshop… play on the internet, and make Tshirts ^_^ so its pretty much a gimme class where i get to sit in front of a computer

yeah, that's exactly what Desktop Publishing it is. I'm only taking it cuz its the only tech class I have not taken (except engineering, which I'm also taking.)

I actually planned to set up a proxy on my (soon to be) server in my room since I do have a dynamic IP, but parents wont let me buy a switch for my modem so I can have internet… sheesh.

so I'm just gonna have to try some stuff and hopefully not get kicked off Internet rights…

My engineering teach is an uber mathematician/ tech person, maybe she'll help (as long as i phrase what I'm trying to do right hehe… se ftw)

T-Shirts? That's a good idea, I'll introduce it! Last year they just did business cards, flyers, and junk like that…

I'm gonna add to my sig how much I hate windows registry -.-

Anyone know how to enable regedit, or can you use a third-party registry editor and get past blocks on regedit.exeQ?