Information Security in Education/School Hacking

Disclaimer
This page was not written to encourage hacking, but to show educators what type of control students can take over computers and how to identify these hacks.

Introduction
The term hack has several related meanings in the technology and computer science fields. It may refer to a clever or quick fix to a computer program problem, or to what may be perceived to be a clumsy or inelegant (but usually relatively quick) solution to a problem. The term is also used to refer to a modification of a program or device to give the user access to features that were otherwise unavailable.

Most networks start off with poor security. But over time, with patches, network security does increase. At this point, a hacker that has gotten use of a certain system may be lose their additional access for a while. But usual the hacker goes on to find new holes. There is only so much an admin can disable on your computer before it becomes no use to anyone.

To get access to a network, a hacker can use whatever programs are on a computer.. If you are a student then you will undoubtedly have programs that aid in study, such as Notepad, MS Word, PowerPoint and others. All these programs can be used to the hackers advantage.

On this page of the book we will discuss how educational computers are hacked to take access of student files and data.

By knowing these hacks, administrators and teachers will be better able to spot when students are hacking into networks.

Microsoft Windows
With Microsoft Windows based computers, the first line of security is to lock out the control panels and the MS-DOS prompt. Most administrators stop MS-DOS prompt from working, because it's the best way to get administrative privileges. Although these two items are locked down, by searching the internet you can find a number of hacks to get around many of these.

By opening up a Notepad document, it it is easy to make a .com and .bat file that can be used to run locked down parts of the machine. 

Novell
Novell NetWare software is a suite of software products developed and maintained by Novell, Inc. for computer systems management.

NetWare allows administrators to install software on, configure, put a hard-disk image on, inventory and remotely troubleshoot Windows-based workstations and laptops from a central location, through use of policy-driven automation.

As with most security software that is placed in schools, students will quickly find ways to get around the system.

For Netware there are a variety of hacks that can be found on the internet. A Google search for Novell Netware hacks shows 286,000 results. some of these hacks can be seen below.

Novell Windows NT Hacks
These hacks are referenced from Rahul Hacking

Gain C: Access
This operation has been canceled by the Administrator" / "You have insufficient rights to execute this command
 * 1) Open Internet Explorer
 * 2) Go File > Open then Browse...
 * 3) At this point you should be able to see the entire C: drive of the computer.

Gain Program Access on C:
If you know what files are on the C: drive based on the above hack you can then open most of the programs that are on the computer.
 * 1) Open Internet Explorer
 * 2) click Browse...
 * 3) Pick a useful file like "command.com"
 * 4) When you find the file, click ok and you will have a little box with the full pathname of the file.
 * 5) At this point you can either OK, Cancel or Browse... Do neither.
 * 6) Copy the pathname.
 * 7) Now open MS Word.
 * 8) Go to View
 * 9) Select Toolbars
 * 10) Chose Visual Basic. A toolbox will pop up.
 * 11) Click "Design Mode". A new toolbox should pop up
 * 12) Click the "Command Button" which just looks like a small rectangle.
 * 13) When the button pops up, double click it. You should be taken to a VB screen with the following in the middle:
 * Private Sub CommandButton1_Click
 * End Sub
 * 1) Now type in...
 * SHELL("C:\winnt\system32\command.com")
 * 1) hit F5 (Debug)your screen should read:
 * Private Sub CommandButton1_Click
 * SHELL("C:\winnt\system32\command.com")
 * End Sub
 * 1) If a minimized does not come up, try this:
 * Private Sub CommandButton1_Click
 * a = SHELL("C:\winnt\system32\command.com",vbNormalFocus)
 * End Sub
 * 1) Hit F5 again.

saying macros have been disabled pathname.
 * If this doesn't work there could be a number of things wrong:
 * If a screen came up
 * go back to your first Visual Basic toolbar
 * Click the button says "Security...".
 * Now select the option that says "Low".
 * Try again.
 * If it still doesn't work, read on.
 * If it says "Run-time error:'53'--- File not found" you are in trouble.
 * It means you either typed the pathname incorrectly
 * Or it means the file does not exist
 * If your computer is running win2k or xp you will have to slightly adjust your

It is recommend you use command.com as apposed to cmd.exe. The main reason is that cmd.exe can be blocked off by your administrator, so as soon as you open it you will get something that says "CMD has been restricted by your administrator. Press any key to continue...". If this happens, cmd is useless.

Using PowerPoint to run applications

 * 1) Create new PowerPoint Slide
 * 2) Insert Hyperlink
 * 3) The hyperlink should be pointed at the file you want to open
 * 4) View the slide
 * 5) click the hyperlink
 * 6) Your file or program should open.

Using Notepad run applications

 * 1) Open a Notepad
 * 2) Type:
 * click
 * 1) Go to File > Save as...
 * 2) type in "link.html" with the quotes
 * 3) Save the file in the drive you have access to. Sometimes also called My Documents.
 * 4) When you refresh the drive, you should be able to see an IE icon called "link.html"
 * 5) Double click it, then click the hyperlink.
 * 6) Your file or program should open.

Getting Access to invisible drives
Frequently CD, Floppy, or Flash Drives are locked down. To gain access to them


 * 1) In your private drive, try creating a shortcut to a:.
 * 2) This will almost definitely not work but is worth a try.
 * 3) Try going to File > Winzip > Zip to file. This may allow you to transfer files to your floppy.
 * Lastly, we can use DOS. This usually works because it is hard to disable items in DOS effectively so there are a number of ways around it.
 * 1) In DOS type:
 * C:\>a:
 * A:\>dir
 * Volume in A has no label
 * Volume Serial Number is 0001-0AA0
 * Directory of A:
 * BO2k.zip 111,111 1/1/04
 * Netbus.zip 111,111 1/1/04
 * C:\>
 * So now we can see what's on the disk. If you wanna run it you can type:
 * A:\>Netbus.zip

However, a more efficient way of opening it would be to first copy it to your private drive. We do this by typing:

A:\>copy a:\*.zip h:

Getting Passwords
NOTE: This only works on poorly secured networks From a Dos Prompt type:
 * C:\>copy c:\winnt\*.pwl a:

This command copies all the .pwl (password) files that are stored in the Windows NT directory. You can now take the disk home and crack the password files in our own time at our own leisure.

Most reasonably secure or just new networks no longer store their passwords in .pwl files. In Windows 2000, there's a new thing called SAM (Security Accounts Manager). Which is harder to crack.

Advanced Novell Hacking
Advanced hacking of Novell is easy to find too. These involve using programs such as port scanners,  keyloggers,  Trojan horses and  password crackers. For information on this you can go to Rahul Hacking or Google what you are trying to do.

=References=


 * Hacks PC: Hacking your school
 * Novell
 * Google: Hack Search
 * Google: Hacking School Networks search
 * Defcon