Hi everyone I took a look around this thread and found numerous topics about hacking school networks witch were all covering different fronts of bypassing your school's protection.
So I decided on making an all in one Tut/reference on all the stuff you could do on a school(or any other) network.
Note that this tutorial/reference will dive a little deeper then just the dosbox and it's funny but rather limited commands
So having said all this we we start of exploiting our school's network by checking how smart/competent our schools network administrators are
The start
press: your windows button + r, to start the 'run' prompt.
If you get a message box saying: "You don't have the required permissions to run this feature" or something like that.
Then you know that you will need some other techniques. If this did work however, then you know your netadmins suck and you can probably do everything else described here without needing any kind of bypass
So your administrator disallowed you access to the run prompt. No problem at all
Code:
Can you reach your C:\WINDOW\system32 dir?
If you can, try running cmd.exe manually.
You can't access your windows dir, or your whole C: drive?
If you have any place where you can create folders and stuff, create a new shortcut pointing to your C:\WINDOWS\system32 dir
You don't have such a place where you can create new folders and things?
Try typing this in your browser: "C:\WINDOWS\cmd.exe"
If none of these things worked try obtaining an admin account later on
So you now have access to your command prompt but it won't open saying:
"you don't have the right privileges to access..Etc..Etc"
have a shot at the following:
Go to any public space where you can create files and stuff
Open up notepad and type one of the following:
Code:
command.com //this one doesn't work on vista win7 and win server 2008
start
cmd
start C:\WINDOWS\cmd.exe
If you had no luck try obtaining an Admin account later on
So now we are in
To bad we can't do any of the fancy stuff like:
"net user SCHiM mihcs /add"
and
"net localgroup administrators SCHiM /add"
However if you can, there is no point in reading along and you can start playing with your network already
So what to do now, since we don't have an admin account that can do all these things how about creating one?
Obtaining an admin account
There are a few ways to go about this, featuring from dangerous (keylogging your admin) to relatively safe
Lets start with the more easy and save methods
Add these commands to an .bat file:
Code:
net user SCHiM mihcs /add
net localgroup administrators SCHiM /add
Now this package would create a Admin account with the name: SCHiM and password: mihcs. If it was ran by another admin or program with Administrator privileges
So ask your self the following:
1. "Do my teachers have administrator privileges on our network?"
2. "Are there any programs running with administrator privileges?"
3. "Do I have access so frequently used programs?"
if your answer is positive on any of these questions proceed, else try more malicious ways of obtaining an account later on
Incase your answer on 1 & 3 was positive try this:
replace for example: InternetExplorer with an batch file running both internet explorer and your create account package, and make it delete itself Afterwards (del ../../../ yourbatfile.bat)
And viola you have an admin account
Incase your answer on 2 & 3 was positive try this:
Examine the program and it's dir's
Code:
Does it use any other .exe's ?
Does it access internet pages?
Does it store those addresses in a modifiable .txt/.XML/.Whatever file?
Does it access videos?
Does it use batch files itself?
If any of those are true, try feeding the program the our package, see if it works, see if it produces an error, if it does only produce an error in which the program you try to exploit refers to your .bat file but does not run it?
Try exploiting your admin instead Just cover our batch file, give it another name, change it's icon and put it among all the other files.
If another user now runs that program on that computer it will probably fail, maybe that user contacts an admin, maybe that admin is stupid and decides to run our batch file to determine what it does and viola, you have an admin account
Remember to delete the program afterwards.
If you are lucky the admin doesn't check if there has been created another account.
If only 3 was positive try the same method mentioned in solution 2
More malicious ways of obtaining an account
Use this as a last resort, you could get prosecuted for this (cybercrime etc. Etc)
Password cracking
1. Download a live CD with windows password cracking features (a Linux security distro for instance or opcrack )
2. Burn your live CD onto an CD (duhh) and leave your computer generating rainbow tables over night
3. Go to school, take a look around you, no one in sight? Boot up your live CD, extract all the passwords from your schools .Sam database. Take them home and start cracking them (they are encrypted md5 probably)
4. Take your cracked passwords to school and see if it works (it probably does but you are never sure )
Keylogging
1. Download, or create your own keylogger which sends the passwords/keystrokes to an ftp or smtp server and leaves no trace
2. Spend some time studying how it works, because whatever happens it: MAY NEVER EVER EVER PRODUCE AN ERROR MESSAGE!!! Or leave any obvious traces
3. Provide yourself with a valid reason to visit your administrators. E.g.: ask them for help running a program you made that produces a fake error message, and starts your keylogger (You really don't want an error message popping up on this stage from your keylogger!!!!!)
4. Check your ftp/mail after some time watch porn or whatever you do when you are at home
5. Go to school, login and have fun
Still no result?
Take a hammer smash your school computer
Credits
1. Me, I wrote this tutorial
Things you may not do without providing me credits and/or mentioning me as the creator of this tutorial:
1. Destribute this tutorial
2. Print it and using it as toilet paper
Things you may never do:
1. Claim this tutorial as your own
-SCHiM
I hope you liked it and it's not to long