Thursday, February 28, 2008

How to REALLY hack your school Complete Tutorial

I. Introduction:
Bored in IRC, and some skids need help, so why not give them
some little tricks instead of the usual methods like gaining
access to CMD.

II. Needed tools:
1> Any linux live distro
Knoppix :
Ubuntu :

2> LM Extractor + Cracker
Cain :
Pwdump2 :

3> Data Transportation
iPod : Yes, an iPod
USB Pen : Flash drive, memory stick, etc...
Floppy : You will need 2; due to the file size

III. Method:
1> Ok, first you have to be smart (I know this may be difficult for
most of you.) Try to bring your iPod or flash drive to class daily
at least a week before you actually attempt this, so nothing seems
out of the ordinary. Half of 'rev-eng.' is appearance after all.

2> Ok, so here it is the last day of the week and we need fucking
admin on the school comps so we can install STEAM and play CS like
homo gamers. When your teacher is not looking, choose a computer
where the screen doesn't face his F.O.V. (field of vision.) Once
you get to it, immediately pop the CD into the drive, and hold the
power button down for 10 seconds to do a force-shutdown, also known
as a "scary shutdown."

3> When the live CD boots up, log in to Linux and pull up a terminal.

4> Once in the terminal, plug in your iPod or USB drive (floppies, if
you use them, will come later.)

5> Now (this being a little more Linux savvy), you will have to check
'fstab' and look for where your iPod or USB drive is and mount it. Make
sure when you mount it that you mount it with 'write' permissions,
otherwise you will get all kinds of errors and you'll be cursing in
the middle of class... see Figure 1.1 ('WTF?!')

6> Once it is mounted, go into 'C:\windows\system32\config' and copy
the 'SAM' and 'SYSTEM' files onto your devices. This is also the step
where, if you are using floppies, you put a floppy in for each. WARNING:
depending on the number of users and other factors, it may not fit on a
floppy.

7> Once retrieved, pull out the iPod and/or USB drive. Also don't
forget the live CD you used. Then do another 'scary-shutdown' as
I outlined in Step # 2.

IV. Cracking:
1> So now you're home, grab yourself some eggnog or semen and sit down
at the best computer you have at your house. By now I would've hoped
you downloaded one of the LM hash crackers I outlined above.

2> I prefer Cain & Abel from Open it, click on 'Cracker'
select 'lm' and import the necessary files.

3> Have it start. Once it has begun, set your processor priority a notch
above what it is. DO NOT SET IT TO 'real-time' or 'high.' I would tell
you why, but I'd rather you guys not listen to me and do it anyways =].

4> Depending on the complexity of the password/hash, it should be around
8-10 hours of cracking. My school's was something like '34gdfgDf4g5' and
I was finished within a night's rest.

V. Getting in...safely:
Chances are your school runs on Windows XP and is using domain-logon.
This is the most common way to monitor and update a Windows network as
large as a public school. So now that you have the username/password of the
admin account for one computer in your lab, there is a 95% chance it is the
same for all those other accounts. Unfortunately you come into one big problem


Put simply, you fuck this part up, enjoy suspension/jail.

Walk up to the computer, getting to class early obviously, and unplug the
ethernet cord from the back of the computer. THIS IS ESSENTIAL FOR YOUR

Now log on to the computer using your admin account. Quickly go in and add
another admin user, using the control panel 'Manage Users.'

TIP: Make sure the name/pass you create for a new admin is totally random,
thus leaving no 'bread crumb trails.'

Log out, then plug the ethernet cord back in, and log in to your new admin account.
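
Seen from the defender's side, the steps in sections III and V leave a trail in the Windows event logs: unexpected-shutdown records (System event 6008) from the forced power-offs, then a user-account creation (Security event 624 on XP/2003, 4720 on later versions) followed by an add to the local Administrators group (636 / 4732). The Python below is an added example, not part of the original post; it assumes account-management auditing is enabled and that the events were already exported and normalised into the constructed tuples shown, with the member resolved to an account name.

```python
from datetime import datetime, timedelta

SHUTDOWN = {6008}        # System log: previous shutdown was unexpected
CREATED = {624, 4720}    # Security log: user account created (XP/2003, Vista+)
GROUP_ADD = {636, 4732}  # Security log: member added to a local group

# Constructed sample events (not from a real system):
# (host, time, event id, account, group)
SAMPLE = [
    ("LAB-PC03", "2008-02-20 09:01", 6008, None, None),
    ("LAB-PC07", "2008-02-22 10:14", 6008, None, None),
    ("LAB-PC07", "2008-02-22 10:31", 6008, None, None),
    ("LAB-PC07", "2008-02-25 07:52", 624, "xk2qv9", None),
    ("LAB-PC07", "2008-02-25 07:53", 636, "xk2qv9", "Administrators"),
    ("LAB-PC11", "2008-02-25 08:40", 624, "jsmith", None),
    ("LAB-PC11", "2008-02-25 08:41", 636, "jsmith", "Users"),
    ("LAB-PC12", "2008-02-26 07:48", 4720, "tmpadm", None),
    ("LAB-PC12", "2008-02-26 07:49", 4732, "tmpadm", "Administrators"),
]

def find_new_local_admins(events, create_window=timedelta(hours=1),
                          shutdown_window=timedelta(days=14)):
    """Return [(host, account, prior_unexpected_shutdowns)] for accounts that
    were created and then added to Administrators on the same host within
    create_window. The shutdown count is a severity hint, not a requirement."""
    rows = [(h, datetime.strptime(t, "%Y-%m-%d %H:%M"), i, a, g)
            for h, t, i, a, g in events]
    rows.sort(key=lambda r: (r[0], r[1]))  # per host, in time order
    created, shutdowns, alerts = {}, {}, []
    for host, when, eid, account, group in rows:
        if eid in SHUTDOWN:
            shutdowns.setdefault(host, []).append(when)
        elif eid in CREATED:
            created[(host, account)] = when
        elif eid in GROUP_ADD and group == "Administrators":
            born = created.get((host, account))
            if born is not None and when - born <= create_window:
                # Only shutdowns already seen (earlier in time) are in the list.
                prior = [s for s in shutdowns.get(host, [])
                         if when - s <= shutdown_window]
                alerts.append((host, account, len(prior)))
    return alerts

if __name__ == "__main__":
    for host, account, n in find_new_local_admins(SAMPLE):
        print(f"{host}: new local admin '{account}', "
              f"{n} unexpected shutdown(s) in the preceding window")
```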



To take this one step further, when you get to your Windows 2000/XP logon
screen look at the domain that you log into.

Resolve the hostname and get the IP. Even without the IP you can use the Remote Desktop
client that comes on all the machines by default. Even if it is not in the menu
because your computer admin thinks he is smart, open up 'run' or the address bar on top
of 'My Documents' and type 'mstsc.'

Once opened, type in the domain name and hit connect. If you see another login window you can
try the admin password you used.


So be careful, use a proxy, etc.