RM Exploits

Discuss it here

Moderators: Community Moderators, Veterans - RM Community

Forum rules
RM Specific Disclaimer: Users should be advised that any software files, modifications, upgrades, plugins etc are property of the poster.
Xatrix Security do not accept ownership of these files nor do we accept liability for any copyright violations.
Xatrix Community Guidelines: Click Here
jd2kuk
Posts: 1537
Joined: Fri Mar 16, 2007 12:19 am
Location: UK

Re: RM Exploits

Post by jd2kuk » Sun Jan 27, 2008 7:48 pm

If you can get:
  • a: a machine which admins or teachers (or whatever kind of account you want log on to
    b: an account which can run exe's
then you can download the last 10 usernames who logged on at that workstation, and crack their passwords :P

There's a tutorial in the tutorials section of xatrix

YutziHak
Posts: 11
Joined: Thu Jan 24, 2008 8:06 pm

Re: RM Exploits

Post by YutziHak » Mon Jan 28, 2008 2:07 pm

To keep you updated on my quest... XD.

I have taken the list of teacher login names from the Learning Resource Folder on my desktop.

From this I have been able to find a few names might have a less secure password:

guest2007
Maths
Science
SupplyTeacher
testing
teachguest

Going to go on Easylink now and try some obvious passwords like "Password" "password" "password1" "changeme" doubt they will work but worth a shot.

jd2kuk
Posts: 1537
Joined: Fri Mar 16, 2007 12:19 am
Location: UK

Re: RM Exploits

Post by jd2kuk » Mon Jan 28, 2008 5:43 pm

Bear in mind that though you may have guessed the right password for one of the accounts, they might not necessarily have easylink access- in which case you'll get the same response as for a wrong password.

Also don't forget that there might be an account lockout set, so if you guess the wrong password too many times you might lock out the account :P

Post with how you got on :D

User avatar
TJ_2k7
Posts: 878
Joined: Wed Jul 04, 2007 6:31 pm

Re: RM Exploits

Post by TJ_2k7 » Mon Jan 28, 2008 5:59 pm

To find out the all the teachers names they are in a folder on the server called
RMTeachingProfiles or something.
Thats how i found a 12 test accounts. (no admin or advance staff permissions :cry: )

:mrgreen:

DEatHISland
Posts: 50
Joined: Sun Mar 11, 2007 6:06 pm
Location: UK

Re: RM Exploits

Post by DEatHISland » Mon Jan 28, 2008 9:19 pm

I have found a folder called RMsysadminprofiles on one of the school servers, however when i try to click on the folder of the profile of the techie i know has the highest rights, it says access denied! Didn't get chance to try all of the folders though, ill try em tomorrow probably.
Shortcuts & CMD dont work to open it. Anyone know a solution?
:D Thanks

User avatar
ICT Tech
Community Master Admin
Posts: 1415
Joined: Thu Jul 26, 2007 6:33 pm
Location: In my chair!

Re: RM Exploits

Post by ICT Tech » Mon Jan 28, 2008 9:29 pm

unfortunately for you, there is no way around this, the only people that can access that folder, are: himself, or someone with a higher privilege level than him. Sorry

DEatHISland
Posts: 50
Joined: Sun Mar 11, 2007 6:06 pm
Location: UK

Re: RM Exploits

Post by DEatHISland » Mon Jan 28, 2008 9:55 pm

Ah well, someone saw him type it once, my cousin infact, but he changed it pretty quickly. We logged on once, but it was at the end of school just to see if it works, cant even remember what colour icon it was. Never worked again.

Thanks for the reply Ict Tech.

User avatar
ICT Tech
Community Master Admin
Posts: 1415
Joined: Thu Jul 26, 2007 6:33 pm
Location: In my chair!

Re: RM Exploits

Post by ICT Tech » Mon Jan 28, 2008 10:16 pm

no probs, sure if you find his password again and need any help - gimme a bell :D :D :D

YutziHak
Posts: 11
Joined: Thu Jan 24, 2008 8:06 pm

Re: RM Exploits

Post by YutziHak » Mon Jan 28, 2008 10:36 pm

Well of course none of the obvious passwords worked for the test accounts or barely used accounts.

Maybe it is because of the Easylink restricted access, however I will try again tomorrow.

Just in case, can it be seen if I type the wrong user / pass in dozens of times by a Tech?

Don't want them coming to the comp i'm using asking why i'm trying to log on my Heads account or anything like that ;-)

User avatar
ICT Tech
Community Master Admin
Posts: 1415
Joined: Thu Jul 26, 2007 6:33 pm
Location: In my chair!

Re: RM Exploits

Post by ICT Tech » Mon Jan 28, 2008 10:40 pm

easylink is monitored and the reports are run automatically.
But logging in, well, you need to run the whole server report.

Post Reply