High School Hacking

by The 999

I recently messed around with our school's new network.  It is run on new IBM PS/2s.  Each workstation is an i286 and the servers are i486s.  There are three networks, each networked with each other.  It is all run on a fiber optic Token Ring network.  Hacking this system is so easy it's almost unbelievable.  There are three ways to do it.  All three ways are equally easy; it just depends on what you want to do.

After loading up, the system displays a digitized picture of a rose in the background and asks for your name or number.  Students use their student ID numbers as their username.  The teachers use their own names.  The administrators use "Administrator" and "Sysop".

First off, logging on as the sysop.  The idiots who run this thing (the teachers, enough said) don't have a password on the sysop account.  If you try to log in as administrator, it will ask you for a password.  I don't know what it is.  But if you try to log in as sysop, it will beep and you're in, password free.  You have to be careful that no administrators are nearby, as that beep is only made when the sysop logs in.

Now that you're in, you will get a large menu with all the choices.  They consist of various sysop functions, from Add/Remove/Edit user account, Add/Remove files, Change password, etc.  I like the edit and make user account features.  Editing an account is very easy.  It asks for the user's name, grade, etc.  This info is all available by pressing F1, which gives you a long list of every user, listing their name, ID number, and grade.  So you just enter what you want and you have their account on your desktop.  Edit away.  Making an account is the same, except you make up info instead of using real information.  Make your own sysop level accounts.  Why not?  The sysop account that you are on can do anything you want to do.

Getting into DOS.  Easy.  When the machine is booting up, press Ctrl-C and/or Ctrl-Break to terminate the batch job.  There you go.  DOS.  I would suggest waiting until you see the stuff about "Inserting ring into network" or whatever.  Then break the batch.  If you break before this, you will only be able to mess with the local hard drive, not all of them.  On the system I was working on, the local drive was H:.  The main stuff was on T:.  There are a lot of logs on H:.  All the drives pretty much look the same, with the same directories and all.  But they are a little different, and the files in the directories are different.  There are many neat tricks once you're inside DOS.

The directories follow a strange naming structure.  The name of each user's directory is the user's name, underline characters (_) to fill up the eight character name, but then they might also have a three character extension as well.  For example, one user (number 8344) has directories called 8344________, files called 8344____.__#, 8344____.__@, and so on.  Strange.

DOS doesn't seem to care though.  The teachers follow the same format.  A teacher named Mrs. Rosenthal had directories called ROSENTHA.L__.  Interesting to say the least.  I enjoy hacking this system just to look at the weird tricks this netware pulls.

Hacking accounts.  Easy too.  If you didn't get on as the sysop and steal an account or make your own, and you don't want to mess around under your own name, this is for you.  When the systems are put up, and when users are added, they all get the default password.  On our systems, the password is DOG.

So first, you pick a student number.  These can be gotten in many places so you don't have to even guess.  Look at any teacher's grade book or any attendance sheet, etc.  They all have the ID number right next to the student's name.  Now you log in using that number.  At the password prompt, enter the default password.  The easiest way to figure out the default password is to simply remember what it was the first time you logged in as yourself.  Changing the password of the account you are using is simple - it's a choice from your main menu.  You have to enter your current password and it doesn't echo, which prevents you from just going up to a terminal someone left without logging off and changing the password.  Also, shoulder surfing is not hard, especially since most users are computer illiterate.  Most will even tell me their password!  Like when they change it, they tell me what it is voluntarily.
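
A defender's view of the two credential weaknesses described above (the password-free sysop account and the shared default password that nobody is forced to change), as an added example that is not part of the original article: it audits an account export for both conditions.  The export format, account names, salts and hashing scheme are assumptions constructed for illustration; only the default password DOG comes from the article.

```python
import hashlib
import hmac

def pw_hash(password: str, salt: bytes) -> str:
    """Salted hash as the (assumed) account store would keep it."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000).hex()

def account(user, role, password, salt):
    # An empty hash field models an account that was created with no password.
    return {"user": user, "role": role, "salt": salt,
            "hash": pw_hash(password, salt) if password else ""}

# Constructed sample export; none of these records come from a real system.
ACCOUNTS = [
    account("Sysop", "admin", "", b"salt-0"),
    account("Administrator", "admin", "constructed-Admin-pw", b"salt-1"),
    account("1001", "student", "DOG", b"salt-2"),
    account("1002", "student", "constructed-pw-2", b"salt-3"),
    account("TEACHER1", "teacher", "dog", b"salt-4"),
]

def audit(accounts, defaults):
    """Return (user, role, finding) for blank or never-changed passwords."""
    findings = []
    for acct in accounts:
        if not acct["hash"]:
            findings.append((acct["user"], acct["role"], "no password set"))
            continue
        # Try each known default plus its case variants against this salt.
        candidates = {v for d in defaults for v in (d, d.lower(), d.upper())}
        if any(hmac.compare_digest(pw_hash(c, acct["salt"]), acct["hash"])
               for c in candidates):
            findings.append((acct["user"], acct["role"], "default password unchanged"))
    # Privileged accounts first, so the worst exposure is at the top of the report.
    return sorted(findings, key=lambda f: f[1] != "admin")

if __name__ == "__main__":
    for user, role, finding in audit(ACCOUNTS, ["DOG"]):
        print(f"{role:8} {user:14} {finding}")
```

Every account the audit reports should be forced through a password change at next login, and account creation should refuse an empty password outright.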

If you are on as a student, not a sysop or other superuser, you can still do anything you want, almost.  Go to Microsoft Works, which usually comes with the systems and is on everyone's menu.  You can now load any file you want.  I am still trying to find the password files.  Another nice feature of Microsoft Works is the run external program choice from the file menu.  "DOS prompt" is one of the choices.  If you run it, you will be in a full DOS shell.  You can do anything you want.  You can do the same things you could if you broke the batch file while booting up.  You might have some drives that you can't log into.  It depends on the restrictions of the user that you are using.

There are neat directories called Autolog and Autolog2.  There are files called *.LGN, where * is a number.  These files have various things in them (Windows AppLog).  I assume they are some sort of macro autologin things or something.  The ones I looked at said things like "Hello Butch, the time is" and some kind of time string and stuff like that.  But it also lists the user's root directory and drives.  Like if it has A:-H:, that user has access to drives A: through H:.  The directory listed in there is the user's work directory, where all of their files are saved.

I hope I have helped to open your mind to hacking local school networks.  These can be found by walking around the school looking into windows for a PS/2 computer lab.  You can then just walk in, sit down, and hack away.  If for some reason someone asks why you are in there, say you're there for your history class or whatever.
