Momokogo

Admin password at school

24 posts in this topic

My school has some seriously bad security...I guessed the admin name and password in about 3 tries. I was logging on from my home computer using Remote Desktop connection, the school computer is running windows 2003 server. What do i need to do to make sure they can't trace the login to my computer?

Do I even need to worry about this?

I don't know much about hacking at all, and I'm not planning to use this user and pass to do anything. I just don't want to get in trouble for it.

Thanks :)

0

Share this post


Link to post
Share on other sites

If you don't want to get in trouble for it, don't say a word about it for a while and stop using the account.

0

Share this post


Link to post
Share on other sites

My school has some seriously bad security...I guessed the admin name and password in about 3 tries. I was logging on from my home computer using Remote Desktop connection, the school computer is running windows 2003 server. What do i need to do to make sure they can't trace the login to my computer?

Do I even need to worry about this?

I don't know much about hacking at all, and I'm not planning to use this user and pass to do anything. I just don't want to get in trouble for it.

Thanks :)

well, umm delete any logs they have, hope they dont have alternitive outside logging files, hope they dont check logs often, use a proxy like tor next time, dont hack your school they can expell you, hope you have a dynamic IP address.. :P

0

Share this post


Link to post
Share on other sites

Just don't do it. Every story I've heard about messing with school computers didn't end well.

0

Share this post


Link to post
Share on other sites

You really can't do much to prevent them from logging the login. It's already been logged. You have a couple choices, only one of which I recommend. Sure you can fuck with the logs, but since they also keep server side logs as well, you would only seal your fate. Dumb idea n3xgen. I would listen to tehbizz.

The only thing I recommend is don't use that password anymore, and since the login itself was a non-event, it shouldn't raise any flags. Keep in mind that should anything happen in the future, successful and failed logins will be audited (if they do it the right way) and from there, it is trivial to match the failures and success to the PC you were using. In other words, I wouldn't share it either. In fact I wouldn't even mention that it happened to anyone, though I know it is hard not to tell anyone.

Edit : Phone rang and I come back to quite a few replies, heh. I edited it since tehbizz said the same thing I did.

0

Share this post


Link to post
Share on other sites

If you REALLY want to do it use Tor, it can help a little.

And tell NO ONE.

Don't mess up their stuff.

0

Share this post


Link to post
Share on other sites

You really can't do much to prevent them from logging the login. It's already been logged. You have a couple choices, only one of which I recommend. Sure you can fuck with the logs, but since they also keep server side logs as well, you would only seal your fate. Dumb idea n3xgen. I would listen to tehbizz.

The only thing I recommend is don't use that password anymore, and since the login itself was a non-event, it shouldn't raise any flags. Keep in mind that should anything happen in the future, successful and failed logins will be audited (if they do it the right way) and from there, it is trivial to match the failures and success to the PC you were using. In other words, I wouldn't share it either. In fact I wouldn't even mention that it happened to anyone, though I know it is hard not to tell anyone.

Edit : Phone rang and I come back to quite a few replies, heh. I edited it since tehbizz said the same thing I did.

meh, i was sortof under the impression that he had left more than his IP there, the kind of stuff REQUIRING log removal... but ya, stay away from it for quite some time, then TOR in if you must

0

Share this post


Link to post
Share on other sites

well i didnt do anything, just logged on when i was trying to guess the password and logged off.

i renewed my ip adress, does that help at all?

0

Share this post


Link to post
Share on other sites

well i didnt do anything, just logged on when i was trying to guess the password and logged off.

i renewed my ip adress, does that help at all?

No, not at all. That's just silly. Your ISP keeps logs of which IPs belong to who. And let's just say they didn't- how about your MAC address? Sys Admin: "Oh, here's another IP address. Wait a sec- the MAC is the same. This must be the same guy! Okay, something fishy is going on here."

Since you actually didn't do anything, I really doubt anyone is going to notice. Even if someone does, what damaged occured? Next time you go and crack your school's security (which I don't exactly recommend), at least use a proxy.

[edit] Oh, and I've had similar experiences. Take this as a "lesson learned" :).

[edit 2] And careful about which handle you post these kinds of questions under. A bit of Google hacking shows some stuff on someone who might just be you ;).

Edited by v0id_64
0

Share this post


Link to post
Share on other sites

Just to see what there is to see I used remote desktop to connect to my 2003 server at work. I am the admin though I know a lot more about Linux than Windows. I went through the logs (event viewer) and saw the entries for logins but not a single one of them listed the IP address that was used to connect to the server. Then I thought to look at some of the entries under Terminal Services Manager and still nothing other than the hostname of my computer and that was only showing for the duration of my connection.

Unless someone can tell me where I might find IP address logging for RDP connections I would have to say you are pretty safe. Unless there is another server at your school that does the logging or they dig into the router logs to see who connected at that time.

0

Share this post


Link to post
Share on other sites

Once again, don't mess with school. It only leads to bad things. Maybe there should be a sticky that reads "Don't Mess With School".

0

Share this post


Link to post
Share on other sites

Once again, don't mess with school. It only leads to bad things. Maybe there should be a sticky that reads "Don't Mess With School".

Oops! Too late. What now?

0

Share this post


Link to post
Share on other sites

Just to reinforce the point, don't delete the logs. As of now you haven't really done anything to raise suspicion. Also if you haven't changed anything they would be more enclined to go easy on you if you were caught. If you had erased the logs the admin would have noticed and I'm sure they have a backup somewhere and than you'd be in worse trouble. Like RightCoast said, forget it ever happened.

0

Share this post


Link to post
Share on other sites

My school has some seriously bad security...I guessed the admin name and password in about 3 tries. I was logging on from my home computer using Remote Desktop connection, the school computer is running windows 2003 server. What do i need to do to make sure they can't trace the login to my computer?

Do I even need to worry about this?

I don't know much about hacking at all, and I'm not planning to use this user and pass to do anything. I just don't want to get in trouble for it.

Thanks :)

if the admin is not a total moron you are already busted come up with a good story

0

Share this post


Link to post
Share on other sites

fluidicslave, "total moron" doesn't really explain it. Tell me how alarms will be ringing for the system admins over a few login attempts.

Who here checks their logs on a day-to-day basis? Not I.

0

Share this post


Link to post
Share on other sites

Just don't do it. Every story I've heard about messing with school computers didn't end well.

Lol. Then you haven't heard mine.

I suggest you just don't break into it for some good while. Keep your fingers crossed that no one else does because when they out they've had a break in your IP will be in the logs. I suggest leaving the logs alone since it would require you to break in again. :nono:

NOTE: Why did you break in in the first place? Just curious.

0

Share this post


Link to post
Share on other sites

Well it started out i was bored in my computer class. I was changing my settings, and i noticed i could find all the other users who had ever logged onto the network. i found update, and i thought it would be fun to try to guess the password. first try. update : update. i wanted to try some others, and eventually got the admin user and password. i was just curious to see what the passwords were. i'm not really planning on doing anything with them in the future.

0

Share this post


Link to post
Share on other sites

Leave a note on the administrators/principles door that says the password. Thats actually something I would try, but then again I'm stupid.

0

Share this post


Link to post
Share on other sites

Well it started out i was bored in my computer class. I was changing my settings, and i noticed i could find all the other users who had ever logged onto the network.

onto ur computer or the network?

if network, then how?

Edited by Rodga Da Shruba
0

Share this post


Link to post
Share on other sites

i was on my computer, logged onto their computer through remote desktop. i went to My Computer, then on the left panel there was system info, then accounts (or something like that). in the accounts there is a "search for users" thing

i searched admin and got admin1, then just logged out and tried to log on with admin and guessing the password.

0

Share this post


Link to post
Share on other sites

USE A TOR NETWORK its slow but is your friend

gpedit.msc is your friend....

--------------dont try this lol-------------------just a good idea for the future-------

turn off logging in the local polices

delete the log files

and search for any other forms of IDS, logging etc....shouldnt be that hard

netstat -ban the box so you can get services and check them carefully to inspect if any is a "foreign" service.

thats just the simple version....install your backdoors and run away lol....have fun :) but dont do it hehe.

0

Share this post


Link to post
Share on other sites

no listen.. thers a teacher i have and she has a website that she built herself and the admin for it is in the school bc her husband does it for the school..and i bruteforced her authentication webpage and sent over 3000 trys and im so stupid and forgot a proxy..and the guy is really smart with computers and i know him personally and he didnt catch anything..so you might have a good chance of getting away with it

0

Share this post


Link to post
Share on other sites

first of all, while not the RULE, but more likely than not, he'll never know. Nothing wrong with the box, why check the logs. Also if he has a simple password he's likely not very security concious, thus again less likely to check the logs. Don't mess with them, you never can know what all is logging what's going on. you may "delete" the logs and then only find he has a third party logging application and you're REALLY fucked since it's expecting the logs to be there when it polls or somethign and hey logs are missing, something's wrong...email admin...and oh yeah I have all the logs before they were deleted.

wait about 2 or 3 months and call his VMB and leave him a message saying his password is too simple and he should change it if you really wanna. by then your ip would be lost in the sea of logs.

0

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now