Author Topic: zOMG haxxored into skools system!  (Read 4526 times)

Offline Jersey

  • PLA Underling
  • *
  • Posts: 106
  • 1337 13V3L: +5/-5
zOMG haxxored into skools system!
« on: February 05, 2007, 07:32:33 PM »
The other day I figured out how to get into the Administrator's account for the grading/attendance program my school uses. Took a few guesses at it and I was in... and by the looks of it they never changed the default login and password for the admin account. So I can pretty much change anything in the system to what I want, but I have to be on a teacher's login on windows to have the program show up on the desktop :-/. Would be pretty nice to be able to access the program remotely somehow, but I doubt that can be achieved.

Its almost amazing how easy they make it these days to get into stuff you're not supposed to be in.
Aaaaaaayyyyyyyyy!

Offline Raptor

  • OMG MOD wannabe
  • Ninja Phone Loser
  • ***
  • Posts: 1208
  • 1337 13V3L: +80/-52
  • We can be happy underground
Re: zOMG haxxored into skools system!
« Reply #1 on: February 05, 2007, 07:43:44 PM »
what is the name of the program?

at our school, they use a java based app called "star base"

they also have "deep freeze" installed on every computer.
Raptor\\\'s Random Reviews!

http://www.phonelosers.org/forums/index.php?board=30.0

Offline PHISH-PHREAK

  • PLA Minion
  • *****
  • Posts: 692
  • 1337 13V3L: +68/-26
    • 954 Phone Losers
Re: zOMG haxxored into skools system!
« Reply #2 on: February 05, 2007, 07:45:31 PM »
They use pinnacle at my school. But deep freeze is easy to get around, ill try to find the program to "thaw" computers.

Edit: Here you go http://www.angelfire.com/planet/pla954/deepunfreezer.rar
« Last Edit: February 05, 2007, 07:52:55 PM by PHISH-PHREAK »

Offline Raptor

  • OMG MOD wannabe
  • Ninja Phone Loser
  • ***
  • Posts: 1208
  • 1337 13V3L: +80/-52
  • We can be happy underground
Re: zOMG haxxored into skools system!
« Reply #3 on: February 05, 2007, 08:04:10 PM »
I've seen that one, it's a great "hack"

I didn't want to do too much though, because they have windows logs of every app you open and run and I bet they have keyloggers too...

not that they are going to be reading those, but I think they might notice when my workstation has a changed desktop background...
Raptor\\\'s Random Reviews!

http://www.phonelosers.org/forums/index.php?board=30.0

Offline PHISH-PHREAK

  • PLA Minion
  • *****
  • Posts: 692
  • 1337 13V3L: +68/-26
    • 954 Phone Losers
Re: zOMG haxxored into skools system!
« Reply #4 on: February 05, 2007, 08:08:30 PM »
Just do discreet things like changing all the bookmarks to PLA and stuff like that.

Offline Tachyon

  • Minister of Defence
  • OMG Mod
  • Ninja Phone Loser
  • *****
  • Posts: 1875
  • 1337 13V3L: +125/-62
Re: zOMG haxxored into skools system!
« Reply #5 on: February 05, 2007, 08:27:40 PM »
http://www.thinkgeek.com/gadgets/security/5a05/

Leave this in a teacher's computer for a day or so til it can be retrieved securely and the passwords are yours. Use the login and password to access the grading system, and make sure that the hard copies are lost in a mysterious accident. If that's not your style, change the admin passwords around and raise holy hell in the system til they scrap the whole thing.
Do you speak two languages?

"Detective Don Gombo: IM AFRAID THE ONLY ONE "F" IS "U" MY FRIEND. WELCOME TO THE CRIMINAL JUSTICE WEB!"

Offline amazing_ned

  • PLA Underling
  • *
  • Posts: 105
  • 1337 13V3L: +4/-2
Re: zOMG haxxored into skools system!
« Reply #6 on: February 06, 2007, 04:52:25 PM »
There was a discussion in BinRev about how bad an idea playing with grading systems was (someone brought up something about grade audits and other checks that were done), but this seems pretty interesting. If you really wanted remote access (probably a bad idea because A) most schools turn their computers off at night and 2) you'll probably get caught, which would be bad) and did have physical access (it seems from the posts that you do) you could always install a remote control program (some schools use VNC so the tech guy doesn't have to go onsite for everything). That would be a pretty bad idea, though, and I don't recommend it at all.

Offline Jersey

  • PLA Underling
  • *
  • Posts: 106
  • 1337 13V3L: +5/-5
Re: zOMG haxxored into skools system!
« Reply #7 on: February 06, 2007, 07:48:50 PM »
what is the name of the program?

at our school, they use a java based app called "star base"

they also have "deep freeze" installed on every computer.

We use something called Class XP.

http://www.thinkgeek.com/gadgets/security/5a05/

Leave this in a teacher's computer for a day or so til it can be retrieved securely and the passwords are yours. Use the login and password to access the grading system, and make sure that the hard copies are lost in a mysterious accident. If that's not your style, change the admin passwords around and raise holy hell in the system til they scrap the whole thing.

Yeah I saw that thing and thought that it would be pretty nice for getting teacher's login's and stuff so I could just do stuff through the admin account, but logged into their Windows so it doesn't come from my student Windows ID. Cost more then I'm willing to dish out though, and it would be a complete bitch if they found it, because then I'd be out of that money pretty easy.

There was a discussion in BinRev about how bad an idea playing with grading systems was (someone brought up something about grade audits and other checks that were done), but this seems pretty interesting. If you really wanted remote access (probably a bad idea because A) most schools turn their computers off at night and 2) you'll probably get caught, which would be bad) and did have physical access (it seems from the posts that you do) you could always install a remote control program (some schools use VNC so the tech guy doesn't have to go onsite for everything). That would be a pretty bad idea, though, and I don't recommend it at all.

I was looking through the "Students" drive and looks like kids have already put shortcuts to the program in there, but I haven't tried to run it from my student windows login yet though (I'll test it tomorrow just to see if the program opens). And I'm pretty sure we have an on site tech guy (is actually one of my friend's dad) that most likely fixes shit for the schools throughout the district.

My grades are decent enough that it wouldn't be worth the chance of getting caught changing them, and my latenesses/absences aren't that much either. If anything, latenesses/absences would be the only thing I'd change back a couple numbers. Its still cool to be able to see your grades and everybody elses before they report cards come out and crap. And if I time it right, I could probably catch the Progress reports and change those to P (passing) if I knew I was gonna be getting one otherwise.

I logged onto it the other day during Auto to check my grades a day ahead of the the report card, and a couple other trustworthy kids were standing behind me in the office... Got the "Whoa! You hacked into that?" kind of response. So under theirs and AntiHacker's standards, I must be an 31337 haxxor for guessing the default Username and Password for the program.
Aaaaaaayyyyyyyyy!

Offline Dr P4nyk

  • PLA Guru
  • *****
  • Posts: 202
  • 1337 13V3L: +10/-12
Re: zOMG haxxored into skools system!
« Reply #8 on: February 06, 2007, 09:35:43 PM »
Thats a good way to end up in trouble.

P4nyk

Offline Colonel Panic

  • PLA Corporate Drone
  • *****
  • Posts: 427
  • 1337 13V3L: +29/-40
  • I lost my phone! Guess that makes me a phoneloser!
Re: zOMG haxxored into skools system!
« Reply #9 on: February 07, 2007, 11:43:29 AM »
Yeah, in case you didn't notice, most teachers still keep regular old-fashioned pencil-and-paper grade books.

So if your grade is changed in the system and it gets noticed (entirely possible, and not unlikely except in very big schools) they're not going to have any trouble figuring out what the original grade was, or who the most likely culprit is.

If a bunch of students' grades change, the chance of detection is probably going to be an order of magnitude greater.

In the end, it's really not worth it to tamper with grades. Academic fraud is a serious matter. You really stand to lose a lot, and the chances of getting caught can be high. If you do get caught, you'll likely be expelled, and an expulsion for something like that is probably going to follow you around for awhile, especially if you're at the college level.

Besides, you're cheating yourself out of an education as well. You'd really be much better off just paying attention in school and doing your homework.

And eat your vegetables, say no to drugs and always go to church every Sunday!!

Offline Jersey

  • PLA Underling
  • *
  • Posts: 106
  • 1337 13V3L: +5/-5
Re: zOMG haxxored into skools system!
« Reply #10 on: February 07, 2007, 06:43:56 PM »
Blah blah blah

And eat your vegetables, say no to drugs and always go to church every Sunday!!

Yeah I know. I really would never mess around with mine or anybody else's grade because its really not worth it at all, especially when my grades are decent enough. And screwing up big time now would only make things tougher on me in the future, and I don't need that.

And...
Only if they're tasty, I'm not into the drug scene at all (seen enough of what it does to people), and church can lick my balls (don't really buy the whole "higher power" shenanigans).
Aaaaaaayyyyyyyyy!

Offline M-26-7

  • Skinniest Member of the PLA
  • PLA Junkie
  • *****
  • Posts: 811
  • 1337 13V3L: +40/-61
Re: zOMG haxxored into skools system!
« Reply #11 on: February 08, 2007, 01:41:47 PM »
Quote
church can lick my balls

I know a few not yet de-frocked Priests who would be happy to help out.

Offline Jersey

  • PLA Underling
  • *
  • Posts: 106
  • 1337 13V3L: +5/-5
Re: zOMG haxxored into skools system!
« Reply #12 on: February 08, 2007, 06:47:22 PM »
Quote
church can lick my balls

I know a few not yet de-frocked Priests who would be happy to help out.

Oh, so you know them personally?  ::)


I figured there'd be some kind of Priest related comment from that, twas only a matter of time.
Aaaaaaayyyyyyyyy!

Offline Tachyon

  • Minister of Defence
  • OMG Mod
  • Ninja Phone Loser
  • *****
  • Posts: 1875
  • 1337 13V3L: +125/-62
Re: zOMG haxxored into skools system!
« Reply #13 on: February 11, 2007, 12:04:19 AM »
Well yeah if I was to change grades digitally I'd make sure that the paper records had accidents as well.
Do you speak two languages?

"Detective Don Gombo: IM AFRAID THE ONLY ONE "F" IS "U" MY FRIEND. WELCOME TO THE CRIMINAL JUSTICE WEB!"

Offline ryanfido

  • I smoke rocks.
  • Lieutenant Cactus
  • *****
  • Posts: 261
  • 1337 13V3L: +16/-60
  • You think you know? You have no brain.
Re: zOMG haxxored into skools system!
« Reply #14 on: February 11, 2007, 04:57:59 AM »
what is the name of the program?

at our school, they use a java based app called "star base"

they also have "deep freeze" installed on every computer.

We use something called Class XP.

http://www.thinkgeek.com/gadgets/security/5a05/

Leave this in a teacher's computer for a day or so til it can be retrieved securely and the passwords are yours. Use the login and password to access the grading system, and make sure that the hard copies are lost in a mysterious accident. If that's not your style, change the admin passwords around and raise holy hell in the system til they scrap the whole thing.

Yeah I saw that thing and thought that it would be pretty nice for getting teacher's login's and stuff so I could just do stuff through the admin account, but logged into their Windows so it doesn't come from my student Windows ID. Cost more then I'm willing to dish out though, and it would be a complete bitch if they found it, because then I'd be out of that money pretty easy.

There was a discussion in BinRev about how bad an idea playing with grading systems was (someone brought up something about grade audits and other checks that were done), but this seems pretty interesting. If you really wanted remote access (probably a bad idea because A) most schools turn their computers off at night and 2) you'll probably get caught, which would be bad) and did have physical access (it seems from the posts that you do) you could always install a remote control program (some schools use VNC so the tech guy doesn't have to go onsite for everything). That would be a pretty bad idea, though, and I don't recommend it at all.

I was looking through the "Students" drive and looks like kids have already put shortcuts to the program in there, but I haven't tried to run it from my student windows login yet though (I'll test it tomorrow just to see if the program opens). And I'm pretty sure we have an on site tech guy (is actually one of my friend's dad) that most likely fixes shit for the schools throughout the district.

My grades are decent enough that it wouldn't be worth the chance of getting caught changing them, and my latenesses/absences aren't that much either. If anything, latenesses/absences would be the only thing I'd change back a couple numbers. Its still cool to be able to see your grades and everybody elses before they report cards come out and crap. And if I time it right, I could probably catch the Progress reports and change those to P (passing) if I knew I was gonna be getting one otherwise.

I logged onto it the other day during Auto to check my grades a day ahead of the the report card, and a couple other trustworthy kids were standing behind me in the office... Got the "Whoa! You hacked into that?" kind of response. So under theirs and AntiHacker's standards, I must be an 31337 haxxor for guessing the default Username and Password for the program.


yeah, or you found out where it was written down right?

pencil!