So We Hacked into our school email system


(Zuzy) #1

Me and @binaryoverload are in the same computer science class. while talking over some network security revision we got curious and looked at the list of users. long story short one of them was the global email user and its description was “School Global email user. pass: (Really obvious password)” we told our Computer science teacher after @binaryoverload accessed the email inbox and send an email to his own adress from the school (In school formatting) to prove it. Our teacher was in tears at the irony :joy::joy::joy:
Have you guys ever found any flaws in computer systems/networks you used? :rofl:


(Miguel Piedrafita) #2

Two years ago, my math teacher challenged me to disable the computer restrictions, and offered one point in the final grade if I managed to.

It took me five minutes.

Edit: Today I tried it again, still unpatched :man_facepalming:


(mrjvs) #3

Powershell isn’t blocked at my school… which can be exploited heavily.


(Zuzy) #4

for about 3 years Admin command line was able to be accessed by anyone no matter the privileges. in one class there was a user called “user” With no password that anyone (Including me and @binaryoverload) was able to log on to. It had Full Admin permissions :woman_facepalming:

Me and @binaryoverload find about 1 exploit a year. its mostly by accident too :unamused:


(Arinerron) #5

Yeah. Every year for the past 4 years, I’ve booted in single user mode on each class laptop that’s been assigned to me, copied off the admin password hashes, and cracked them on my own time. The teachers can’t figure out how I keep getting the admin password.

One year I couldn’t crack it in one class, so I waited for a zero day and exploited it to get root on the laptop.


(Nathan Geerinck) #6

Pretty cool, I stole once or twice an exam from the server :’)


(Zuzy) #7

Its Funny @binaryoverload Found about 4 accounts with no password That had full admin permissions and started messong about with A bunch Of stuff while i looked in horror and slight amusement :joy:


(Jip) #8

I can sense the “please don’t get caught” and “please don’t involve me in this shit” feeling across the world.


(Zuzy) #9

Ohh It was exactly that. I kept mumbling "No Dont do that theyll know who it was"As he messed about in admin Permissions :joy:


(Patrick Sletvold) #10

A friend of mine did some trick to access command prompt as an admin by clicking on the accessibility button on the Windows lock screen on his school PC. Then he set up the computer to share the school’s internet with other students over wi-fi. (This was a couple of years ago)

More recently we discovered that the school’s publicly available printing service is using plain http, and in theory is vulnerable to man-in-the-middle attacks to steal passwords to the school’s login system. We haven’t yet tested if it’s actually possible though.


(Arinerron) #11

Re: HTTP printing thing: Lol that’s actually pretty funny. This morning I was wiresharking the network and I saw some traffic going in the clear so I looked at it, and it was a student’s credentials as they logged onto this thing we have here called Papercut, which is a public printer management system :stuck_out_tongue:


(Patrick Sletvold) #12

That’s basically exactly what we’ve got, but we use a system called EveryonePrint. Pretty sure it even has support for SSL certificates, but no-one has bothered setting it up yet. We actually told one of the IT people at school, but he couldn’t do anything about it, since it’s managed centrally. Planning to use Wireshark on a friend’s network while we log in using that network to see if it really is as bad as we think. Way too scary to use it at school though, we’d probably get caught.


(Arinerron) #13

Lol, nice. Ours has support for SSL too, but nobody bothered to generate a cert.

I bought this Ethernet splitter on Newegg for $3, cause our school’s computers are all connected to an ethernet switch-- the switch distributes packets to the destination (each computer) only, so you gotta intercept the traffic before it gets to the switch. With this thing, you can plug the Ethernet cable that used to be in the switch into its input, plug another Ethernet cable into its output and to the switch, then one more into its output and to your laptop. Now you are intercepting traffic before it even gets to the switch. :stuck_out_tongue:

Dunno, it just sounds like fun. I’ll probably tell the IT admins once I see if any other attacks are possible.

Our of curiosity, have you done any other testing on your school’s system?


(Jori) #14

I can’t hack :frowning: otherwise I’d probably hack my sisters email and troll the shit out of her :slight_smile:


(Arinerron) #15

so uh, does 35 hours of community service for spoofing an email from school admins to all students seem harsh, if the email content was “Error: Failed to retrieve email content”?


(William Oldham) #16

Whattttt, that’s nuts…


(Jori) #17

Bullshit, if it were a big government thing give CS, but its just a school, who cares…


(Arinerron) #18

No, it is legit. Every lunch break for the rest of the year. This last week I’ve been working out front of the school. IT admins are just laughing about it but the dean of students and the school admins are freaking out cause they think I “hacked” something even though I didn’t. They took it as damage to their reputation and “hours wasted” of people being confused by the email, so they decided I could make it up by helping them out (and saving them $500 worth of work/time at minimum wage).


(Jori) #19

Lol what the fuck, if IT guys are laughing at it, why would anyone else give a fuck…


(Filip Samuel) #20

Wait, how did they know it was you?