lol school security fail

Discuss security issues related to microsoft products

Moderator: Community Moderators

Fergie1
Posts: 257
Joined: Sun Jul 15, 2007 2:22 pm
Location: UK

lol school security fail

Post by Fergie1 » Tue Nov 25, 2008 7:54 pm

So today I managed to guess an administrator password which is a default account but I assume when the school not a new version of Classlink installed they changed all the default account passwords to the one that is the same as the local admin password (fail) so any ideas on what to do with it? Theres obviously the idea of just destroying everything and making everyone admins but thats obvious and a bit stupid, so if anyone could reccomend something more subtle as I want to do something but i'm lacking ideas.

I don't want to log onto it very often as the system logs every log on and log off into a database and unless I want to clear the database of that each time its best I don't use it often.

jd2kuk
Posts: 1537
Joined: Fri Mar 16, 2007 12:19 am
Location: UK

Re: lol school security fail

Post by jd2kuk » Tue Nov 25, 2008 10:07 pm

How about slightly tweaking the permissions that standard and restricted users have? ;)

Allocate some extra programs to those groups too, like RM tutor...
Some people are like Slinkies: completely useless but fun to watch when you push them down stairs.

User avatar
ICT Tech
Community Master Admin
Posts: 1415
Joined: Thu Jul 26, 2007 6:33 pm
Location: In my chair!

Re: lol school security fail

Post by ICT Tech » Sun Jan 04, 2009 2:01 am

What kind of place does something like that?!

Anyway, I say go for it Fergie, give the people on your network some access rights, they will probably all be noticable in the end by the Admin, but so what, do it anyway :P
ICT Tech
Senior Community Admin

Todd91
Posts: 29
Joined: Sat May 02, 2009 4:51 am

Re: lol school security fail

Post by Todd91 » Sat May 02, 2009 6:24 pm

when i got admin rights on my school server i used it to get into the fbi, since the ip address was the same for all of them. easy.

User avatar
heebyjeebys
Posts: 1352
Joined: Thu Feb 28, 2008 10:24 pm

Re: lol school security fail

Post by heebyjeebys » Sun May 03, 2009 5:38 pm

Todd91 wrote:when i got admin rights on my school server i used it to get into the fbi, since the ip address was the same for all of them. easy.
if your right then the fbi have real secure headquaters... located in a school with the same admin for the school as the fbi... interesting..... and about the ip addresses being the same...im pretty sure that computers fight when you get two or more computers with the same ip address.....must be some dream network that your on about then
Heeby's here! :)

User avatar
heebyjeebys
Posts: 1352
Joined: Thu Feb 28, 2008 10:24 pm

Re: lol school security fail

Post by heebyjeebys » Sun May 03, 2009 5:56 pm

Fergie1 wrote:So today I managed to guess an administrator password which is a default account but I assume when the school not a new version of Classlink installed they changed all the default account passwords to the one that is the same as the local admin password (fail) so any ideas on what to do with it? Theres obviously the idea of just destroying everything and making everyone admins but thats obvious and a bit stupid, so if anyone could reccomend something more subtle as I want to do something but i'm lacking ideas.

I don't want to log onto it very often as the system logs every log on and log off into a database and unless I want to clear the database of that each time its best I don't use it often.

haha ... change the wallpaper on all the computers or something silly .... or make a GP object... find the setting that displays a message at the login screen... and type something .. tee hee!
Heeby's here! :)

muto
Posts: 417
Joined: Sat Mar 29, 2008 12:46 pm

Re: lol school security fail

Post by muto » Sun May 03, 2009 6:25 pm

heebyjeebys wrote:
Todd91 wrote:when i got admin rights on my school server i used it to get into the fbi, since the ip address was the same for all of them. easy.
if your right then the fbi have real secure headquaters... located in a school with the same admin for the school as the fbi... interesting..... and about the ip addresses being the same...im pretty sure that computers fight when you get two or more computers with the same ip address.....must be some dream network that your on about then
I think he was referring to the fact that the entire school only has one external IP, because it's using NAT, so they don't know which of several hundered computers the attack really came from...

User avatar
ICT Tech
Community Master Admin
Posts: 1415
Joined: Thu Jul 26, 2007 6:33 pm
Location: In my chair!

Re: lol school security fail

Post by ICT Tech » Sun May 03, 2009 7:50 pm

muto wrote:
heebyjeebys wrote:
Todd91 wrote:when i got admin rights on my school server i used it to get into the fbi, since the ip address was the same for all of them. easy.
if your right then the fbi have real secure headquaters... located in a school with the same admin for the school as the fbi... interesting..... and about the ip addresses being the same...im pretty sure that computers fight when you get two or more computers with the same ip address.....must be some dream network that your on about then
I think he was referring to the fact that the entire school only has one external IP, because it's using NAT, so they don't know which of several hundered computers the attack really came from...
Well now, we can trace that! :twisted:
ICT Tech
Senior Community Admin

muto
Posts: 417
Joined: Sat Mar 29, 2008 12:46 pm

Re: lol school security fail

Post by muto » Sun May 03, 2009 8:02 pm

The most you could trance it to is a computer, you can't actually see who's using the computer at the time, and if it's in an area with no witnesses, you have no proof..

User avatar
ICT Tech
Community Master Admin
Posts: 1415
Joined: Thu Jul 26, 2007 6:33 pm
Location: In my chair!

Re: lol school security fail

Post by ICT Tech » Sun May 03, 2009 8:06 pm

We can trace it to the computer, then check the cache for that machine, sometimes it will work, sometimes another 11 people have logged into the PC and we cannot check :cry:

But sometimes we can, lmost everything in RM Systems in logged 8-)
ICT Tech
Senior Community Admin

Post Reply