Page 1 of 2

lol school security fail

Posted: Tue Nov 25, 2008 7:54 pm
by Fergie1
So today I managed to guess an administrator password which is a default account but I assume when the school not a new version of Classlink installed they changed all the default account passwords to the one that is the same as the local admin password (fail) so any ideas on what to do with it? Theres obviously the idea of just destroying everything and making everyone admins but thats obvious and a bit stupid, so if anyone could reccomend something more subtle as I want to do something but i'm lacking ideas.

I don't want to log onto it very often as the system logs every log on and log off into a database and unless I want to clear the database of that each time its best I don't use it often.

Re: lol school security fail

Posted: Tue Nov 25, 2008 10:07 pm
by jd2kuk
How about slightly tweaking the permissions that standard and restricted users have? ;)

Allocate some extra programs to those groups too, like RM tutor...

Re: lol school security fail

Posted: Sun Jan 04, 2009 2:01 am
by ICT Tech
What kind of place does something like that?!

Anyway, I say go for it Fergie, give the people on your network some access rights, they will probably all be noticable in the end by the Admin, but so what, do it anyway :P

Re: lol school security fail

Posted: Sat May 02, 2009 6:24 pm
by Todd91
when i got admin rights on my school server i used it to get into the fbi, since the ip address was the same for all of them. easy.

Re: lol school security fail

Posted: Sun May 03, 2009 5:38 pm
by heebyjeebys
Todd91 wrote:when i got admin rights on my school server i used it to get into the fbi, since the ip address was the same for all of them. easy.
if your right then the fbi have real secure headquaters... located in a school with the same admin for the school as the fbi... interesting..... and about the ip addresses being the same...im pretty sure that computers fight when you get two or more computers with the same ip address.....must be some dream network that your on about then

Re: lol school security fail

Posted: Sun May 03, 2009 5:56 pm
by heebyjeebys
Fergie1 wrote:So today I managed to guess an administrator password which is a default account but I assume when the school not a new version of Classlink installed they changed all the default account passwords to the one that is the same as the local admin password (fail) so any ideas on what to do with it? Theres obviously the idea of just destroying everything and making everyone admins but thats obvious and a bit stupid, so if anyone could reccomend something more subtle as I want to do something but i'm lacking ideas.

I don't want to log onto it very often as the system logs every log on and log off into a database and unless I want to clear the database of that each time its best I don't use it often.

haha ... change the wallpaper on all the computers or something silly .... or make a GP object... find the setting that displays a message at the login screen... and type something .. tee hee!

Re: lol school security fail

Posted: Sun May 03, 2009 6:25 pm
by muto
heebyjeebys wrote:
Todd91 wrote:when i got admin rights on my school server i used it to get into the fbi, since the ip address was the same for all of them. easy.
if your right then the fbi have real secure headquaters... located in a school with the same admin for the school as the fbi... interesting..... and about the ip addresses being the same...im pretty sure that computers fight when you get two or more computers with the same ip address.....must be some dream network that your on about then
I think he was referring to the fact that the entire school only has one external IP, because it's using NAT, so they don't know which of several hundered computers the attack really came from...

Re: lol school security fail

Posted: Sun May 03, 2009 7:50 pm
by ICT Tech
muto wrote:
heebyjeebys wrote:
Todd91 wrote:when i got admin rights on my school server i used it to get into the fbi, since the ip address was the same for all of them. easy.
if your right then the fbi have real secure headquaters... located in a school with the same admin for the school as the fbi... interesting..... and about the ip addresses being the same...im pretty sure that computers fight when you get two or more computers with the same ip address.....must be some dream network that your on about then
I think he was referring to the fact that the entire school only has one external IP, because it's using NAT, so they don't know which of several hundered computers the attack really came from...
Well now, we can trace that! :twisted:

Re: lol school security fail

Posted: Sun May 03, 2009 8:02 pm
by muto
The most you could trance it to is a computer, you can't actually see who's using the computer at the time, and if it's in an area with no witnesses, you have no proof..

Re: lol school security fail

Posted: Sun May 03, 2009 8:06 pm
by ICT Tech
We can trace it to the computer, then check the cache for that machine, sometimes it will work, sometimes another 11 people have logged into the PC and we cannot check :cry:

But sometimes we can, lmost everything in RM Systems in logged 8-)