xkcd

by **hintss** » Thu May 06, 2010 6:07 am UTC

A few days ago, I walked up to the librarian and asked where the manual for the library management software (destiny by follet) was so I could borrow it, and she just plain out told me where it was (easily student accessible, unlocked cabinet).

Later, I opened it up, and on the second page, it warned to immediately change the default administrative password. 6 pages in, and they had written the new password inside the manual. After checking in the web interface at home, that was a nonworking account, but it would've likely worked at some point, right? Then, so I keep reading on, and 2 chapters later, they had written another non-working login and a working one.

This happenned the day after I figured out how to get a Unix shell on their server remotely on their network, and my friend got suspended for making some malicious VBScript and running it on their computers.

I have already told/emailed the IT person...

Hows your schools computer security?

by **Aardvarki** » Thu May 06, 2010 4:01 pm UTC

My senior year in High School, myself and a dozen or so friends had admin access to our entire network. My senior prank was going to be changing my school's website (the admin account worked and there was an FTP server where all the web files were, I could connect to it from home and edit anything on the district's website I wanted to), however someone caught wind of it all and we got caught.

We managed to get the admin password because our Anime club meetings (which were filled with nerds, obviously) were held in the Computer Lab, and thus there were many hours of unsupervised time in the computer lab, plenty of time for someone to bring in a boot disk and reset the admin password on a local computer and then install a keylogger. Then, find an excuse that you need an administrator to log onto that machine for, and voila, free password! Apparently the local "administrator" account on every machine had the same password - which was the same password as the local "administrator" account on the server that ran our Active Directory. Remote into that machine with that login, add a new user with domain admin rights, and presto!

We had access to TeacherTools (the grading system), the Lunch room servers (which stored our balances on our Lunch accounts - though we never figured out how to change the balances), the school district's website, we could change passwords for any account in the district, we were able to remove sites from the web filter blacklist, we could view all of the files in all of the teacher's home directories (quite a few of them kept copies of tests), and a handful of other very very nasty stuff.

I kept my distance from the serious stuff (grades, teachers, etc) and thus when we got caught, many of the students got 10-day in-school suspensions, but my only punishment was that I was forbidden from using the district's computers ever again (this was halfway through my senior year). Amusingly, the students who got suspensions were all kept in the same room for their 10-day suspension period so they brought laptops in and had a LAN party in the suspension room, playing Quake 2 all day for two weeks.

Also, not related to school security - but I used to work in the server room as an IT guy at a bank. They kept their admin passwords written next to every computer in the server room. When I mentioned how insecure this was, their response was "Well, we lock the server room and the passwords are all stuck such that you can't see them from looking into the room from the outside" - well, their "lock" on the server room door had five buttons - each labelled 1-5, and the "combination" was a string of between one and five of those (based on the way the lock worked, you could not use a button twice in a combination). Quick math shows there's only 325 different possible combinations. The fact that we ONLY used four digit combinations meant that realistically there were only 120. I mentioned that there were no security cameras in the server room, nor pointing at the server room door, and that it would be easy to check all 325 combinations in less than 15 minutes (at a rate of one combination per 2.5 seconds), and went so far as to bet the head of IT lunch for everyone that I could do it. I came back from lunch one day to find the password changed, and my coworkers inside with a countdown timer on one of the monitors reading 14:58, counting down. I debated being slick (I knew these guys pretty well, I was almost certain they would use a 4 digit combination towards the end of the list of possible 4 digit combinations so I was debating starting with 5-4-3-2 and working backwards), but decided to proper brute-force it (it's easier to work up than down anyways). I made it in with 6 minutes to spare (The code was 5-2-3-4, I would have gotten it in under a minute if I had started at 5-4-3-2 and worked backwards). But to think, anyone who managed to sneak into that building after hours could be in their server room in 9 minutes and have admin access to every server in the bank. I will never store my money with them, that's for sure! Also, before I worked there, they had no network monitoring software (I set up a NIDS for them since they didn't have one). Jeez.

by **gear-guy** » Thu May 06, 2010 6:14 pm UTC

Our school fails at it, but for a completley different reason.

It is theoretically very secure, no two of the seperate systems (other than the login network and email network, but they run on the same server) share the same usernames and passwords, so it isnt even possible to get onto a teachers account and change the marks, the worst you can do is get on an IT teachers account and delete everyones stuff from the pupil server and mess with the remote control system. But what with there being 5 or 6 systems for them to remember usernames and passwords for, many teachers store their account details on flash drives, the same flash drives they keep on their keychain, which gets loaned out to pupils both for using the flash drive, and for access to rooms. See where this is going? well, you're wrong, our school is filled with idiots, so it never occurs to them to make a copy of the file with the passwords in it. the furthest most people have got with "hacking" of any kind is writing a shutdown .bat file and passing it off as a web filter bypass, and people fall for it. I'm seriously worried about this generation...

by **GlaucusConstantine** » Thu May 06, 2010 7:57 pm UTC

Man, it never occurred to me to hack the school's computer system, since it being full of bugs, 'exceptions', save errors, etc. Also, our school system runs on Macs. The stupid part is how each student's account password is a 5-digit number, and the last two numbers of one's password is in the all too visible username. Therefore, you virtually only have to go through 1,000 combinations to figure out someone's password.

gear-guy wrote: our school is filled with idiots, so it never occurs to them to make a copy of the file with the passwords in it. the furthest most people have got with "hacking" of any kind is writing a shutdown .bat file and passing it off as a web filter bypass, and people fall for it. I'm seriously worried about this generation...

Hey, hey, hey. This generation is doing fine (from my perspective). People like you are apparently just getting sort of rare.

I don't think shutdown .bat files work on Macs.

by **hintss** » Fri May 07, 2010 12:26 am UTC

hintss wrote:A few days ago, I walked up to the librarian and asked where the manual for the library management software (destiny by follet) was so I could borrow it, and she just plain out told me where it was (easily student accessible, unlocked cabinet).

Later, I opened it up, and on the second page, it warned to immediately change the default administrative password. 6 pages in, and they had written the new password inside the manual. After checking in the web interface at home, that was a nonworking account, but it would've likely worked at some point, right? Then, so I keep reading on, and 2 chapters later, they had written another non-working login and a working one.

This happenned the day after I figured out how to get a Unix shell on their server remotely on their network, and my friend got suspended for making some malicious VBScript and running it on their computers.

I have already told/emailed the IT person...

Hows your schools computer security?

also, may I add that the working password for the library management system was "password"

also, I keep a medium-ish collection of somewhat useful batch files on my network My Documents. That included who am I, force logout (once, the computer's normal logout wasn't working for some reason), open winchat, force shutdown, force reboot, fork bomb, lag bomb (%0|%0), and a bad attempt at unixkcd using ifs and set /p.

also, toward the begining of the school year, I got into the habit of ending my batch files in .cmd instead of .bat. It still works and they still haven't caught on...

by **gear-guy** » Fri May 07, 2010 6:26 pm UTC

GlaucusConstantine wrote:Hey, hey, hey. This generation is doing fine (from my perspective). People like you are apparently just getting sort of rare.
I don't think shutdown .bat files work on Macs.

All of the accounts had full local admin access today, i meant to write down details i'd have otherwise not had access to, that might have helped in some form of hacking, but being the idiot i am i complaetley forgot

Hopefully it's still like this on monday...

And, no, they don't, i think there's some mac equivelent though, but .bat files are just lists of commands that get inputed into the cmd interface one by one, macs have different commands, what with being unix based and the likes...

by **Eseell** » Fri May 07, 2010 7:40 pm UTC

gear-guy wrote:And, no, they don't, i think there's some mac equivelent though, but .bat files are just lists of commands that get inputed into the cmd interface one by one, macs have different commands, what with being unix based and the likes...

You would just make executable shell scripts. They're pretty much exactly the same thing.

Edit: On topic, I love testing hotel network security when I travel. I always do it on my check-out day because I don't want to get kicked out on the off chance they actually have a NIDS/NIPS installed. Common network security issues I've seen:
Hotel switch ports configured for 'dynamic desirable' DTP negotiation, allowing guests to create trunk ports to their hotel rooms.
Various spanning tree protocol exploits
Using VLAN 1 as native on trunk ports, enabling VLAN hopping
No protection against MAC flooding, turning their switches into little more than hubs and flooding all their customer traffic to all ports.
Insecure wireless networks
No rogue access point protection/denial

The wireless stuff is probably a customer satisfaction issue. Customers want to be able to setup their own wireless access points in their rooms. Customers hate typing passwords into things. Fine. The wired security problems are inexcusable. Long story short, never use hotel wireless on an unencrypted connection.

by **Josephine** » Sun May 09, 2010 7:54 am UTC

My school's security is actually really good. And they're fast. I was doing some initial poking and prodding at the files of the local security systems, and the teacher was notified and told to tell me "if you continue to attempt to modify operating system files, you could be suspended". the bios is locked up too, so no grabbing the password files via linux.

Luckily, my only computer-heavy class lets me bring my laptop, and the schoolwide wifi is completely open.

by **gear-guy** » Sun May 09, 2010 1:32 pm UTC

nbonaparte wrote:My school's security is actually really good. And they're fast. I was doing some initial poking and prodding at the files of the local security systems, and the teacher was notified and told to tell me "if you continue to attempt to modify operating system files, you could be suspended". the bios is locked up too, so no grabbing the password files via linux.

Luckily, my only computer-heavy class lets me bring my laptop, and the schoolwide wifi is completely open.

Seriously? I was mucking about in computing last week and made a netsend .bat file that sent "Haha You Suck!" To Every computer in that section of the network, and all that happened to me was i was asked how to stop it happening again and thsat i didnt tell anyone else how to do it, but maybe thats just how useless they are.

by **Pez Dispens3r** » Sun May 09, 2010 1:51 pm UTC

This all shouldn't be that surprising. Feynman was able to unlock people's safes when he was on the Manhattan Project: partly because, although there were 1000 or 10,000 combinations, if you got a digit right to within five digits it would work. Like, if the first digit of your number was '5', then 3,4,5,6, and 7 would suffice. These are problems the dedicated will always take advantage of. And, yeah, get inside the mindset that high school really means dick. No, really, it doesn't matter at all. It's just something society gets anxious over because they think something learnt once, like evolution, or voting for a party based on its merits, is learned forever: luckily, for all, this is not the case. No one learns anything in high school.

Incidentally, back in my day we thought it was funny to unplug mouse cables and switch 'em. So one user would be spinning their mouse looking at a dead cursor, and the other would be wondering why their screen was possessed.

by **rhetorical** » Mon May 10, 2010 5:25 pm UTC

nbonaparte wrote:the bios is locked up too, so no grabbing the password files via linux.

I wasn't aware that that was possible. Anyone mind telling me how this works? I have a relative that I fix computers for, and she doesn't know her admin password.

by **JBJ** » Mon May 10, 2010 5:35 pm UTC

rhetorical wrote:
nbonaparte wrote:the bios is locked up too, so no grabbing the password files via linux.

I wasn't aware that that was possible. Anyone mind telling me how this works? I have a relative that I fix computers for, and she doesn't know her admin password.

Emergency Boot CD or Ultimate Boot CD are the two most common. They don't expose the password, but they give you the ability to change it.

by **rhetorical** » Mon May 10, 2010 5:42 pm UTC

JBJ wrote:
rhetorical wrote:
nbonaparte wrote:the bios is locked up too, so no grabbing the password files via linux.

I wasn't aware that that was possible. Anyone mind telling me how this works? I have a relative that I fix computers for, and she doesn't know her admin password.

Emergency Boot CD or Ultimate Boot CD are the two most common. They don't expose the password, but they give you the ability to change it.

Thanks

by **hintss** » Wed May 12, 2010 11:42 pm UTC

my school never puts BIOS passwords, has no idea of how to reset them when a student puts one, and the combination locks do work like that.

and the webfilter fails too: lego.com is blocked for games, play.lego.com isn't, rubiks.com is blocked for games, echochamber is blocked, fora., forums., and forums3. are all not blocked.

at least they disabled local admin accounts.

but still, the person literally let me borrow the manual with the admin password for the library management written inside.

by **rubber314chicken** » Thu May 13, 2010 3:15 am UTC

ours is kinda tight. I tried live booting linux so I could read a PDF since they never installed acrobat reader for class, and it wouldn't let met go online (then again I really didn't know much about what to try). Our filter is good, assuming you don't get the dumb teachers' passwords to override it. But I have a friend who got a printout of ever student's social security number, so he took it to their office, and told them to fix it...

by **No301** » Thu May 13, 2010 1:19 pm UTC

Easy access where i go, i can turn off the web filter and access other accouts due to the fact that all the account data and info is in a folder thats passwords is the schools district abriviation. And the filter doesn't even block out any web browser other than IE so I've never had an issue with internet security ever at school. I've sent letters and e-mails to the IT guys and the school administration but it hasn't been fixed for 3 months. And I have been thinking about changing the "unoffical school website" a site run and made by the Programming teacher and students in independent study for her class. Only her and a group of my friends realize the problems with this and nobody is willing to fix it. So I laugh when some of my programming buddies(who are juniors/seniors now) pull a senior prank on our servers.

by **Ouch.jars** » Sun May 16, 2010 8:52 am UTC

My friend occasionally gets administrator privileges for some reason, but I'm not sure if he's done anything with them. My school's system also disallows you from logging in to 2 computers at once, but if one computer is improperly shut down it takes a while for the logout to register, effectively leading to not being able to do anything for the rest of the computer lesson.

Web filter-wise, any URL with words like "game" or "cock" in it is blocked, as are most ccTLDs (most non-English-speaking countries').

Pez Dispens3r wrote:Incidentally, back in my day we thought it was funny to unplug mouse cables and switch 'em. So one user would be spinning their mouse looking at a dead cursor, and the other would be wondering why their screen was possessed.

This still happens, but by the time I'm on any of the victim computers, the mouse cables have been plugged back in... to the front USB port (I need to plug my flash drive in there most of the time). Also, people are snapping off the foldy-plastic-things that prop the keyboard up.

by **weiyaoli** » Sun May 16, 2010 6:25 pm UTC

Well considering most of the student population knows the password to a teacher account to bypass filters. And the fact that random bugs disable random bits of programs, especially pictures.

I'd say it's pretty secure. :roll:

But in all seriousness, it's secure otherwise, although obviously the filters aren't omnipotent.

by **cjmcjmcjmcjm** » Sun May 16, 2010 7:36 pm UTC

Ouch.jars wrote:Also, people are snapping off the foldy-plastic-things that prop the keyboard up.

I can't stand it when people do that!

by **Turtle_** » Mon May 17, 2010 11:52 pm UTC

For a long time, at least since before I was at the school, everyone's password was MMDDYYSS where MMDDYY is your birth year and SS is the first two letters of your street name. It was easy to remember, which is good for people who only need to use the computers once every few months (which is most people), but obviously insecure as hell for the people who had programming classes or whatever. They finally changed it last year because people were messing around with other people's accounts by changing the backgrounds and some other things. Now passwords appear to be mostly random which isn't exactly a good solution because lots of people only use the computers every few months, but it doesn't really seem to be a problem. I don't really know much about cracking, or even network security, but things seem pretty good. However, I know some ways to get to the command line, and other stuff that should in theory be hidden.

by **Adacore** » Tue May 18, 2010 10:57 am UTC

I never did much myself, but I know one of my friends at school worked out how to remote into the headmaster's computer - we read through all his correspondence, written warnings he'd sent to teachers, letters to parents, &c. Which is pretty bad, in retrospect, but we were nice kids so never did anything with it. Generally the computer security was pretty good, though - the two network admins knew their stuff, and they got the most computer-literate 6th formers (ie the people most likely to try and hack the system) to help out with net admin duties, and generally officially having the power kept them under control, I think.

Completely unrelated but kinda 'computer security' - at Uni all the PCs and monitors were padlocked to the desk, but there was no need to do any of the tedious combination-searching stuff, because they were those cheap-ass combination padlocks where you just pull lightly and rotate the wheels until it clicks. I think the only things I ever broke at uni were a couple of those padlocks, fiddling with them too much. Other than that, the computer security was rock-solid.

by **Heady** » Tue May 18, 2010 10:52 pm UTC

From what I've seen at my school, there are two networks running, each is completely seperate from the other. One is comprised solely of Macs, and is used by the student population and teachers. The second one is the PC network, which is only used by the guidance counselors, the staff, and the principal. I'm pretty sure no student has gotten onto the PC network, and the PC server might very well be at the town hall, since we're one of 8 schools.

by **BrighTide** » Wed May 19, 2010 1:06 am UTC

My school admin knows his stuff, they have a full HD-Guard install everywhere and separate passwords for all the admin accounts, HD-Guard control panel and all that jazz. The student accounts have jack all privileges, we can't right click, execute .exe's, .bats or .cmds. There fast in blocking all and any proxy bypass sites on the net, they monitor student history for the really out there ones and blocked the first 50 pages of websites Google displayed for "Proxy Bypass". Other than that though the admin is death on anyone with anything not school related on their H drive, and will completely ban people from computer access at the slightest provocation, which no one really wants to risk, especially in senior.

by **Tantalous** » Wed May 19, 2010 5:12 am UTC

My schools security is really tame--while we can't make permant changes to the desktop or us command prompt, .bat and .cmd files are still enabled and our web filtering can be shut off by repeated refreshing...Heck with a little work due to the libraries setup(it's our main computer lab) one student can access the remote monitoring software for any other library pc... and since they all have the same password they can get on easily.

by **hintss** » Thu May 20, 2010 1:02 am UTC

network topology:

Spoiler:

rant at being banned from using the computers:

Spoiler:

by **Nicad** » Thu May 20, 2010 3:10 am UTC

Every computer in my school has the same administrator password. The one written on the board in the computer lab. In big letters. Next to the words "Administrator password"

Needless to say, the computer department is staffed by idiots.

by **hintss** » Thu May 20, 2010 3:31 am UTC

can someone help me to get back on the school's computers?

see my previous post

by **Cynical Idealist** » Thu May 20, 2010 1:06 pm UTC

hintss wrote:can someone help me to get back on the school's computers?

see my previous post

I've devised a five-step plan that should work for you.

Spoiler:

by **gear-guy** » Thu May 20, 2010 3:46 pm UTC

Cynical Idealist wrote:
hintss wrote:can someone help me to get back on the school's computers?

see my previous post

I've devised a five-step plan that should work for you.
Spoiler:
1: stop being an idiot and dicking around with the school's computers.
2: Convince the admins that you will use the computers normally
3: Wait for them to allow you back on the school's computers.
4: Remember to not fuck with the computers anymore
5: While you're at it, remember not to play games on the school computers either.

That is the stupidest thing i've heard ever, because if you actually READ his post, it says that he didn't do anything.

by **Eseell** » Thu May 20, 2010 4:49 pm UTC

gear-guy wrote:
Cynical Idealist wrote:
hintss wrote:can someone help me to get back on the school's computers?

see my previous post

I've devised a five-step plan that should work for you.
Spoiler:
1: stop being an idiot and dicking around with the school's computers.
2: Convince the admins that you will use the computers normally
3: Wait for them to allow you back on the school's computers.
4: Remember to not fuck with the computers anymore
5: While you're at it, remember not to play games on the school computers either.

That is the stupidest thing i've heard ever, because if you actually READ his post, it says that he didn't do anything.

From hintss's posting history it's pretty clear to me that his definition of "nothing wrong" and a typical sysadmin's definition of "nothing wrong" are very different. It doesn't really matter whose definition is objectively correct because in this case only the sysadmins have the (legitimate) keys to the kingdom.

by **hintss** » Thu May 20, 2010 11:20 pm UTC

additionally, I have the sysadmin's cell phone number, I wasn't even AT the particular computer they were talking about, they said they didn't have evidence I did anything, and I can easily get access to the switches for the individual wings of the school. Now planning world domination.

anyway, heres what I think happenned: apparently, I had this one batch file which simply runs the logout script located on a network share, and that made the server think that you logged out. Apparently, they got the impression that when you run it on one of the NComputing systems, it makes the server think all the users logged out. I have tried that, and it dosen't work that way, and one sysadmin misrepresented to the other that it "disconnects the computer from the network", which it dosen't, since you can still browse the web, so the network is still connected. Actually, the more I think of it, the more their case dosen't seem to make sense...the others could still use it.

How do I explain this to them if they get mad at me and tell me to go away whenever they see me?

by **++$_** » Fri May 21, 2010 12:55 am UTC

It doesn't matter whether you caused any damage or not. The fact is that you were constantly poking around and giving headaches to the admins while they tried to figure out whether you did anything damaging or not. That's reason enough for them to ban you.

by **Cynical Idealist** » Fri May 21, 2010 1:10 am UTC

gear-guy wrote:
Cynical Idealist wrote:
hintss wrote:can someone help me to get back on the school's computers?

see my previous post

I've devised a five-step plan that should work for you.
Spoiler:
1: stop being an idiot and dicking around with the school's computers.
2: Convince the admins that you will use the computers normally
3: Wait for them to allow you back on the school's computers.
4: Remember to not fuck with the computers anymore
5: While you're at it, remember not to play games on the school computers either.

That is the stupidest thing i've heard ever, because if you actually READ his post, it says that he didn't do anything.

Right, I'll go through this point by point then.
1: This is based on past experience with hintss, not any specific post in this thread
2: Common fucking sense, here. They're the ones who can unban him, they're the ones he needs to convince.
3: See point 2.
4: See point 1.
5: See the post in this thread where he was going to websites blocked for games and passing the filter.

Also, if that's the stupidest thing you've ever heard, welcome to the internet. Let me show you what real stupidity looks like.

by **hintss** » Fri May 21, 2010 1:48 am UTC

Cynical Idealist wrote:
gear-guy wrote:
Cynical Idealist wrote:
hintss wrote:can someone help me to get back on the school's computers?

see my previous post

I've devised a five-step plan that should work for you.
Spoiler:
1: stop being an idiot and dicking around with the school's computers.
2: Convince the admins that you will use the computers normally
3: Wait for them to allow you back on the school's computers.
4: Remember to not fuck with the computers anymore
5: While you're at it, remember not to play games on the school computers either.

That is the stupidest thing i've heard ever, because if you actually READ his post, it says that he didn't do anything.

Right, I'll go through this point by point then.
1: This is based on past experience with hintss, not any specific post in this thread
2: Common fucking sense, here. They're the ones who can unban him, they're the ones he needs to convince.
3: See point 2.
4: See point 1.
5: See the post in this thread where he was going to websites blocked for games and passing the filter.

Also, if that's the stupidest thing you've ever heard, welcome to the internet. Let me show you what real stupidity looks like.

But then, I'm also the one who reported that the password was password and that you could get to Facebook. If it weren't for me, they wouldn't have known. Also, it is all on a Netware based network, so logging in to a workstation is logged.

You know what, now, I'm just working with my friend who I mentioned in the original post to create a complicated, dramatic looking revenge plan. He knows lockpicking, VBScript, C++, and all that, and I know where all the equipment is located in the school, in addition to how the management works, and general computer knowledge. In particular, I know that the ethernet lines, roof access, and fiber lines all lead to an unused classroom on the lower floor. Which has no security besides locks. And has double doors to the outside. And is filled with working, unused equipment. While the school is complaining about budget cuts. So anyways, by picking 2 locks, I could get access to the ethernet, and by picking another, I get roof access.

also, how much will this keep me from getting into my high school's robotics team in maybe 3 years (if I don't follow through with abovementioned plan)?

by **rath358** » Fri May 21, 2010 2:43 am UTC

hintss wrote:also, how much will this keep me from getting into my high school's robotics team in maybe 3 years (if I don't follow through with abovementioned plan)?

It is hard to take part in extracurricular things when you are suspended.
It is hard for you to be an effective member of a robotics team if you have no computer privileges.

If you want to avoid this, STOP. Treat the system with respect, don't experiment,even if it is "harmless" and don't prove that you can go to Facebook by doing so in front of the class. If stopping others from going there is really that important, just give the sysadmin guy a list of the URLs of proxies and such that people use. Find something else to do with your time on the computer. Even better, pay attention in class. Ask questions insightful questions. If this absolutely will not happen, you are bored out of your mind, can't get shifted up, etc., learn to do something else. I suggest making chainmail. Once you finish a couple pieces, people will see you as "that awesome guy who makes armor during class" instead of "that jerk who got everyone's computer privileges cut"

hintss wrote:
Spoiler:
But then, I'm also the one who reported that the password was password and that you could get to Facebook. If it weren't for me, they wouldn't have known. Also, it is all on a Netware based network, so logging in to a workstation is logged.

You know what, now, I'm just working with my friend who I mentioned in the original post to create a complicated, dramatic looking revenge plan. He knows lockpicking, VBScript, C++, and all that, and I know where all the equipment is located in the school, in addition to how the management works, and general computer knowledge. In particular, I know that the ethernet lines, roof access, and fiber lines all lead to an unused classroom on the lower floor. Which has no security besides locks. And has double doors to the outside. And is filled with working, unused equipment. While the school is complaining about budget cuts. So anyways, by picking 2 locks, I could get access to the ethernet, and by picking another, I get roof access.

also, how much will this keep me from getting into my high school's robotics team in maybe 3 years (if I don't follow through with abovementioned plan)?

In the us, burglary is basically defined as trespassing with the intent of theft or vandalism. Burglary is a felony. Stop even fucking thinking about it.

by **hintss** » Fri May 21, 2010 4:45 am UTC

rath358 wrote:
hintss wrote:also, how much will this keep me from getting into my high school's robotics team in maybe 3 years (if I don't follow through with abovementioned plan)?
It is hard to take part in extracurricular things when you are suspended.
It is hard for you to be an effective member of a robotics team if you have no computer privileges.

If you want to avoid this, STOP. Treat the system with respect, don't experiment,even if it is "harmless" and don't prove that you can go to Facebook by doing so in front of the class. If stopping others from going there is really that important, just give the sysadmin guy a list of the URLs of proxies and such that people use. Find something else to do with your time on the computer. Even better, pay attention in class. Ask questions insightful questions. If this absolutely will not happen, you are bored out of your mind, can't get shifted up, etc., learn to do something else. I suggest making chainmail. Once you finish a couple pieces, people will see you as "that awesome guy who makes armor during class" instead of "that jerk who got everyone's computer privileges cut"

hintss wrote:
Spoiler:
But then, I'm also the one who reported that the password was password and that you could get to Facebook. If it weren't for me, they wouldn't have known. Also, it is all on a Netware based network, so logging in to a workstation is logged.

You know what, now, I'm just working with my friend who I mentioned in the original post to create a complicated, dramatic looking revenge plan. He knows lockpicking, VBScript, C++, and all that, and I know where all the equipment is located in the school, in addition to how the management works, and general computer knowledge. In particular, I know that the ethernet lines, roof access, and fiber lines all lead to an unused classroom on the lower floor. Which has no security besides locks. And has double doors to the outside. And is filled with working, unused equipment. While the school is complaining about budget cuts. So anyways, by picking 2 locks, I could get access to the ethernet, and by picking another, I get roof access.

also, how much will this keep me from getting into my high school's robotics team in maybe 3 years (if I don't follow through with abovementioned plan)?

In the us, burglary is basically defined as trespassing with the intent of theft or vandalism. Burglary is a felony. Stop even fucking thinking about it.

I actually did give them a list of URLs like that. and I told them in private as soon as I found out. And I meant having that on my record and the robotics team, not actually being banned.

but still. its a batch file. which runs something off a public share. which gets run whenever someone logs out of the computer. Now, I'm starting to hate my school for the first time.

Also, I'm getting annoyed at the student government getting spelling and grammar errors on their large signs.

by **Turtle_** » Fri May 21, 2010 1:07 pm UTC

This is unrelated to security, but pretty funny. There used to be a copy of halo in one of the shared folders on the school's network. Our teacher didn't really care if people played, as long as it didn't interfere with work.

by **rath358** » Fri May 21, 2010 4:11 pm UTC

Turtle, some schools suspend people for that, even after they have ignored it for most of the year. Usually, though, only the people who post and copy the file get in trouble.

Hintss, for now, you will probably be fine. Just let the unfairness of your punishment drop, and things will probably be fine. As long as you don't do anything else incredibly stupid, the IT persons won't even remember you next year.
If you do happen to write some network defeating batch file, and absolutely have to see if it works, do it quietly in a way that doesn't create more work for someone else, then delete it from school computers and your jumpdrives so nothing happens with it.

by **hintss** » Sat May 22, 2010 1:42 am UTC

actually, I figured out the problem: the problem was in their heads. Anyway, I'm foing to high school next year, and if I'll mess with more batch files, I'll see about encryption.

by **SecondTalon** » Sun May 23, 2010 2:12 am UTC

hintss wrote:additionally, I have the sysadmin's cell phone number, I wasn't even AT the particular computer they were talking about, they said they didn't have evidence I did anything, and I can easily get access to the switches for the individual wings of the school. Now planning world domination.

anyway, heres what I think happenned: apparently, I had this one batch file which simply runs the logout script located on a network share, and that made the server think that you logged out. Apparently, they got the impression that when you run it on one of the NComputing systems, it makes the server think all the users logged out. I have tried that, and it dosen't work that way, and one sysadmin misrepresented to the other that it "disconnects the computer from the network", which it dosen't, since you can still browse the web, so the network is still connected. Actually, the more I think of it, the more their case dosen't seem to make sense...the others could still use it.

How do I explain this to them if they get mad at me and tell me to go away whenever they see me?

Web access =/= network connectivity. How does the network handle network identification? Are you sure the script doesn't remove access on that computer to all network resources? Do you know what the script does?

Who is online