Powerschool (easy question)

[sheepbyte 1]

What hashing method does powerschool use for the passwords?

[riscphree 0]

i can find out, but i would guess md5 right now.

[sheepbyte 1]

I checked some tables. It seems as if the password is not:

Sha1

md5

md4

Any help you can give would be appreciated

[duper 3]

What does the ciphertext look like?

[sheepbyte 1]

here they are:

0D6A60651A1B0550600B0D712FB05FBB2C4C4C0D04766EC54867227C14AD29F6

2B7867B3549B1B6B203D2CFE6D173FDF4AB34075773478384C2C770169C12F9A

[Polymira 0]

I know your not going to like this answer....

But your not going to get anywhere. Believe me, I was once in high school, and my local district uses powerschool.

Only thing is, we got in.... we got full admin privilages...

But that involved sneaking into a server room, rebooting the machine, taking the SAM file, cracking it, using that password to login to some terminal service clients, installing keyloggers ... yeah, fun stuff.

[sheepbyte 1]

I'm not actually in school. I hear all this powerschool hype and I want to hack the system just as a challenge. The site is down right now, but I'll post the vulnerable source I found. There is this huge cloak of secrecy surrounding this software and it is PISSING ME OFF! I'm not going to go to desperate measures like breaking into a builing 500 miles away or installing keyloggers . I just want to learn more about this system.

[mikes 1]

the school system I used to work for used it at one school. Powerschool runs (ran) on an iMac runing OS X. the users and teachers entered data via a browser on their PC. the firewall had ports opened to allow outside traffic to access the database. the idea was for parents to see their kids grades.

if you knew the external address of a "server" (iMac), plan you attack for any holes in the Mac OS.

[jdawg 0]

did you ever have any luck with hacking into powerschool?

[seanman236 0]

Okay, stay with me here guys.

I have never hacked before, I know quite little about it in general.

However, I feel this compulsory need to hack my Schools grading system- Powerschool.

I was wondering if it is possible to do so?

I figured it was possible because my parents are able to view my grades in a similar fashion as the teachers do, I have my own account and I am not.

If this is just too difficult for someone with no experience like myself, then just tell me so and Ill drop it, but if its possible to do, and someone has the patience to explain it to me, that would be cool.

[Jat Goodwin 1]

Okay, stay with me here guys.

I have never hacked before, I know quite little about it in general.

However, I feel this compulsory need to hack my Schools grading system- Powerschool.

I was wondering if it is possible to do so?

I figured it was possible because my parents are able to view my grades in a similar fashion as the teachers do, I have my own account and I am not.

If this is just too difficult for someone with no experience like myself, then just tell me so and Ill drop it, but if its possible to do, and someone has the patience to explain it to me, that would be cool.

I have a feeling this "compulsory need to hack my Schools grading system" would have somthing to do with your grades being below average. Best way to fix that is to do your school work instead of asking to hack the school system. Becuse even If your parents see all A's on your report card the teachers still might just give them a phone call about your outstanding low mark on your last test.

[light 0]

Regarding the passwords for Powerschool, at least at our school, the passwords and usernames are arbitrary alphanumeric strings, all lowercase. Every student in the school uses usernames and passwords in that format, and each student has two username/password sets, one with 'student access' and one with 'parent access', the only difference being that the parents can setup e-mail data with digest grade summaries and I believe that there was an option for alerts based on grade thresholds.

For teachers, there is a different log-in page, with a very simple modification of the url - it is as simple as it seems. There is also another very simple change which gets you to an 'admin' prompt - password only, no username.

If anyone has more questions about Powerschool, I will be more than glad to help you. Our school uses it, and I know quite a few people who know quite a bit about the software and might be willing to let some experimentation occur.

-Light

[tiocsti 1]

deleted.

Edited December 8, 2007 by tiocsti

[Demonic_angel 1]

Yeah, I just didn't want to start a new topic on this so here goes.

Is there anywhere someone can direct me to learn more about encryptions and hashes. Like the 128 bit encryption what does that mean?

I tried to google it but keep coming up with buy this to protect this junk. nothing very informative.

[codar 0]

Yeah, I just didn't want to start a new topic on this so here goes.

Is there anywhere someone can direct me to learn more about encryptions and hashes. Like the 128 bit encryption what does that mean?

I tried to google it but keep coming up with buy this to protect this junk. nothing very informative.

Did you try wikipedia...

[Demonic_angel 1]

Wow. No i didn't. I can't belive i didn't think of wikipedia. Thanks man.

[nwbell 1]

I should look around - somewhere I have a copy of the client, docs, and a partial (no student info) database dump from PowerSchool's sister product, ClassXP. Perhaps there are some similarities?

It's been a couple years since I played with it, but I do recall that the passwords were hashed, and I knew (from using other methods) what some of the passwords were in plain-text. Maybe I could put something together.

FYI, this ClassXP installation was totally contained on a single sharepoint - one folder on the share contained the client, and another contained the data (text files and some proprietary database files, IIRC) which the client directly read from and wrote to. Worse yet, guest access on the share was enabled! It was read-only, so things like changing grades were out, but EVERYTHING (including the portions with student data) was world readable. Oddly, it seems I was the only one to discover this.

I've always wondered if other schools were dumb enough to do similar things...

[jds420 0]

The admin login page has no text field for user name. The solution... the password that your school teachers and counselors use is their initials (first, middle, and the first three letters of their last name; (semi colon) last four numbers of their social security number. My school districts admin password to change anything from your name to test scores such as high school exit exam and SAT scores is kklee;5632 (THIS PASSWORD WILL ONLY WORK IN FRESNO, CA)

[ghost.d0wn 0]

Very interesting.. where did you get this information?

[slashmolder 0]

http://edison.powerschool.fresnounified.org/admin/ or http://206.78.212.69/admin would be the log in page for a school I found in that area and guess what it doesn't work .

[veb4713 0]

The admin login page has no text field for user name. The solution... the password that your school teachers and counselors use is their initials (first, middle, and the first three letters of their last name; (semi colon) last four numbers of their social security number. My school districts admin password to change anything from your name to test scores such as high school exit exam and SAT scores is kklee;5632 (THIS PASSWORD WILL ONLY WORK IN FRESNO, CA)

k so.. the Socal Security part.. how?????

[Trikk 5]

By the links given above, if you go into the source you will see the following:

<script language="JavaScript" src="/admin/javascript/md5.js"></script>
<script language="JavaScript"><!--
if (window != top) { top.location.href = location.href; }
var pskey = "205547AB48CD43E111456C5D7309152A35A112FA68A2793A0378421E75825595";
function psEnter() {
	if (doAdminLogin(document.LoginForm)) {
		document.LoginForm.submit();
	}
}
//-->
</script>

The main part being "/admin/javascript/md5.js", so the password would be encrypted in MD5, correct?

EDIT: going to /admin/somenamehere.js will get you a glimpse of what the administration panel looks like

EXAMPLE: http://206.78.212.69/admin/test.js

Also, port 5071 seems to be the default port it uses both UDP/TCP

Links:

http://www.securityfocus.com/bid/22611/exploit

Edited September 2, 2008 by Trikk

[mikeyoung 0]

For you people trying to hack power school try this......

1st go to(http://powerschool.warsaw.k12.in.us/public/)....

This is the url for the warsaw community school district power school.

I do know one of my teachers user names...."nneukam"....

However i do not have the time or efficent software to figure his password.

I have tried "accessdiver" but you have to set you're own key words.

With the set up the school has the teachers user name is...the 1st letter of their 1st name......then their entire lastname.

Then they create their own password.

One thing to keep in mind is that this guy is a huge nascar fan.....gordon, earnhart jr, etc.

If anyone has success hacking this, please e-mail me. (mikefairfieldyoung@hotmail.com)

Thanks for reading.

mallynn99

[jds420 0]

I went to Fresno High School who's admin page is http://powerschool.fresnounified.org/admin/home.html. I graduated in 07 so I dont think that kklee;5632 works anymore. The way I obtained the password was to **** the librarian, but hey I liked it . Once you login using the admin page, you can find all the teacher's six digit security key. This is required to setup powergrade (the app that updates data on the powerschool server). My situation was tricky because the server only retains the modified data if sent over a local network. If you change it over the internet it reverts back in 60 minutes . So I had to know when the teachers uploaded the grades and when the district pulls them, so I could upload in the middle but less than 60 minutes before the scheduled grade query. It worked and got me through a few classes that I ditched to go smoke (stupid idea). To this day I believe that I knew more about their own system than they did.

[snakesonaplane 9]

The way I obtained the password was to **** the librarian, but hey I liked it .

Yeah, okay.