AU General Chat Thread, The security of australian (more specifically queenslander) school computers in Australian (AU) Specific Forums
  1. #1
    sbrooks

    The security of australian (more specifically queenslander) school computers

    Hello pplz of Australia, quite recently I started a thread in the security forum, one dedicated to all the get arounds that I used for the last 10 or so years on the school computers. Here's what I've said already

    Post 1

    Hello, I am a student of Queensland and formerly a student of Western Australia that has been exploiting the inherent flaws in computer security on school computers since I've been knee high to a grasshopper, and I've only been caught twice. As I am now trying to be more responsible I've decided to list the errors in security that I have exploited over the years. The first and most major one is that of the BIOS/boot sector: the first time I went onto another website around the filters I just booted a very badly aged version of Linux from the CD I had smuggled into the computer room. There is not much that you can do to prevent students from booting from a CD or USB but it is good to keep this in the back of your mind; the most popular way to get around security is to not use the OS installed on the computer. The next biggest, but most likely stupidest, way around internet filters is that of proxies. Proxies are a favorite of many a year 8-er; the only problem is that most schools log all your traffic. I was dumb enough to use this get around, and I was caught. There are many other work arounds for security, I will be listing them here soon, I need to go to school now

    Replies (summarised):

    There is a way that the boot sector go around can be prevented: set a password. What I forgot to include in this post is that it is quite easy to whip the CMOS battery out and then reinstall it, manually overriding the password

    Post 2

    Ok, so I've gone over boot and proxy get arounds, I'm just gonna revise the boot side. For a more advanced user of this side, like myself or one of my good friends, it is possible to not only avoid the monitoring/blocking software installed on most school computers, it is viable for above average users to hijack some of these systems. One of the major things I did last year was load BackTrack (a Linux based OS used for "hacking") onto a USB and declare war on my school's admin. This was made easier by two facts: the newer MOE (Managed Operating Environment) system on public schools was more "secure" but less secure. The major thing was the whole "one account one password" system, as named by me. Basically the password used to login to the computer was also used to access the internet, unlike the older versions where it was possible to have two separate passwords. This means that using the SAM file password "hack" I could not only gain access to the last user to use the computer's password for the network but also for the internet. Basically all that they did was allow more access for computer savvy "hackers". After gaining access to the admin account, which was pretty damn easy (thanks MOE), u had basically free rein over all the computers in my school. Then something happened: a MOE techie came to school, and guess what? He logged onto basically every computer in the whole school. Password heaven. After gaining his password I had access to WMI scripting, the best thing ever! A small amount of knowledge and I was DLing everything I wanted from anywhere. Basically, to sum it up, though I did not act maliciously there is a big hole in the boot area there, and anyone can use it. Till next time. Sbrooks

    Replies (summarised):
    basically many people agreed with me strangely (though one basically accused me of being the antichrist of computers)

    Post 3

    Ok so I've gone over the BIOS errors and the proxies, now onto basic malicious programming. This one is harder than even the BIOS to regulate: where does one draw the line in the sand between learning about the functions of a computer and learning about the functions of a computer that subvert the security of the computer? Lately the year 8's have been dragging games to school on their USBs, so the administrator reacted by introducing FlashTray (or at least that's what the process is called), a program that scans any new USBs for anything considered "bad". Now it filtered anything with .mp3, .exe or .swf as the file type. The problem is here we have a good(ish) IPT commun, meaning that many students had executables that directly related to school work on their USBs. This meant that either the students had to somehow turn off FlashTray or get around it in another way. Being as innovative as I am it took me about 3 mins to turn FlashTray off by designing a VB program that listed all processes and allowed you to select one and kill it. If I can do this in 3 mins then surely less informed, but highly motivated, students could do the same in a greater amount of time. Surely enough, a few days later someone else figured it out, and again all the year 8's had their games back. So the administrator set up the preferences on VB to not trust any location (h:, g:, C:, D: etc) and yet again I overcame it. It turns out anything in virtual memory is trusted, so you just type up a simple task manager clone, or at least the process diagnostic side of it, being sure not to save it, leaving it in a trusted temporary file, giving full access to the program. So again the dilemma is that eventually another student will find that out. Anyway that's enough from me again, Sbrooks

    Replies: none, not enough time

    Post 4

    Ok, so I've talked about the major software get arounds (alternate boots, proxies and purpose built malware), now onto the major hardware "get-arounds". The most major of all hardware security flaws and the hardest to remove is that of detachable cables. How are you going to monitor student A if he interrupted your live feed from his computer by disconnecting and reconnecting the cable? This problem is also the hardest to regulate with rules: how can you prove that student A intentionally disconnected the LAN cable? The second get around, hardware wise, has already been discussed on this thread, that of actually taking the case off and manually resetting the BIOS. This problem is even less easy to regulate, though it is easier to use the rules against someone subverting security this way.
    Replies: none, not enough time
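
Added example, not part of the original posts: Post 2 above describes one technician account being logged on at basically every computer in the school, after which that single password opened everything. A defender-side check for that exposure over constructed logon records; the account names, host names and record layout are assumptions made for illustration.

```python
import csv
import io
from collections import defaultdict

# Constructed sample records (not from the thread): time, host, account, Windows logon type.
SAMPLE_LOG = """\
2009-10-26T08:01:12,LAB1-PC01,student.a,2
2009-10-26T08:03:40,LAB1-PC01,moe.tech,2
2009-10-26T08:09:02,LAB1-PC02,moe.tech,2
2009-10-26T08:15:27,LAB2-PC07,moe.tech,10
2009-10-26T08:20:00,LAB2-PC07,student.b,2
2009-10-26T08:31:45,SRV-FILE01,moe.tech,3
2009-10-26T09:00:10,ADMIN-PC01,school.admin,2
"""

# Hypothetical site policy: these accounts are privileged, and these are the only
# hosts where they may log on interactively.
PRIVILEGED = {"moe.tech", "school.admin"}
ADMIN_HOSTS = {"ADMIN-PC01"}
# Logon types where the credential is entered into a session on the host itself:
# 2 = interactive (console), 10 = remote interactive. Type 3 (network) is ignored.
EXPOSING_TYPES = {2, 10}


def exposed_hosts(log_text):
    """Map each privileged account to the non-admin hosts it logged on to interactively."""
    hits = defaultdict(set)
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 4:
            continue  # skip malformed lines rather than guess at their meaning
        _time, host, account, logon_type = (f.strip() for f in row)
        if not logon_type.isdigit():
            continue
        if (account.lower() in PRIVILEGED
                and int(logon_type) in EXPOSING_TYPES
                and host.upper() not in ADMIN_HOSTS):
            hits[account.lower()].add(host.upper())
    return {acct: sorted(hosts) for acct, hosts in hits.items()}


def accounts_to_rotate(log_text, threshold=2):
    """Privileged accounts seen on at least `threshold` student machines."""
    return sorted(a for a, h in exposed_hosts(log_text).items() if len(h) >= threshold)


if __name__ == "__main__":
    for account, hosts in exposed_hosts(SAMPLE_LOG).items():
        print(f"{account}: interactive logon on {len(hosts)} host(s): {', '.join(hosts)}")
    print("rotate:", accounts_to_rotate(SAMPLE_LOG))
```

Accounts the check reports are candidates for a password reset and for being restricted to dedicated admin hosts, so that a single workstation no longer holds a credential that works school-wide.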

  2. #2

    powdarrmonkey
    Why have you just duplicated a thread for no reason?

  3. #3
    sbrooks
    I duplicated it mainly so one of my friends could see it, but also so more people could see it

  4. #4

    Edu-IT
    Originally posted by sbrooks:
    I duplicated it mainly so one of my friends could see it, but also so more people could see it
    Ah, yes, the security forum is hidden.

    Well really, there's no need. Honestly.

  5. #5

    powdarrmonkey
    They weren't missing anything, don't worry.

  6. 4 Thanks to powdarrmonkey:

    bossman (27th October 2009), Edu-IT (27th October 2009), p858snake (27th October 2009), tom_newton (27th October 2009)

  7. #6

    Edu-IT
    I suppose the advantage is they won't have to sign up and the place won't become infested with script kiddies!

  8. Thanks to Edu-IT from:

    bossman (27th October 2009)

  9. #7

    bossman
    @sbrooks:

    Wow, looks like Australia is the place to go as they are in dire need of good IT specialists by the look of things, fancy letting a snotty nosed kid get round security so easily. None of what you mentioned would have worked at all on my network, that is a fact.

    Anyway keep practising and one day you may become an Adult


