Jump to content
Sign in to follow this  
satyricon1

Teacher has hacking problems

Recommended Posts

I was talking to my teacher today and he told me a person was hacking into his computer using a password hacking software program. (Obviosuly). The kid was doing it to hack into his router for some kind of gaming system, I believe an XBox360. My question was, how can the teacher protect his computer from the kid hacking his computer. And how did the kid do it, he wouls have to install the softare on the computer. Could he download the installation softare ofa program like Ophcrack to a disk and run it through boot menu without installing it? And could he just make him the admin. on the computer? He has Windows 2000, so I"M guessing he used a program like Ophcrack, SAM Inside, Cain and Able, or a trial use of LC5 (L0phtcrack) and I think he used Netstumbler for the netwrok hacking.

Share this post


Link to post
Share on other sites

So is this you wanting to know the best way to hack into one of your teachers computers? Even if your story is true, you didn't provide any real information to go off.

Share this post


Link to post
Share on other sites

I've used L0phtcrack (an old version) and you'd need Admin access to the PC. It takes forever anyway to use something like L0phtcrack to break passwords and you'd notice it when you use the PC as the CPU goes ballistic with high usage. I'm guessing the kid might be password sniffing on the network which is a lot hard to spot.

 

I actually had to break into our own SQL server 2000 once because the Admin didn't give me the SA password and he had left the job by then.

 

(I did this kind crap when I was bored, now I'm a real network admin)

Edited by Jeruselem

Share this post


Link to post
Share on other sites

What type of teacher is this? Why the hell are they giving out router passwords to people who can't protect their computer?

 

3 things. Remove wireless from the network (if you think netstumbler is a problem). Re-format and re-install Windows 2000 (or upgrade to a supported operating system!!), Set the boot order in the BIOS to boot the hard drive first. Lock the BIOS. Use a USB keyboard (there are such things as PS2 key-loggers)

Share this post


Link to post
Share on other sites

So, did the student (sounds high school age, therefore kid sounds demeaning) hack the router or the computer? If it was the computer, the student may have used a password cracker, found a backdoor (the admin has made sure that the account "Administrator" is password protected hasn't he/she?), the student may have used a keylogger (security software would likely pick this up. However there is a device available known as a Keyghost which intercepts the USB connection to the computer. The device is so small that people are unlikely to notice it, and it can store millions of keystrokes, which equals weeks worth of typing for an average user. The only catch is that the owner must come an retrieve the device in order to get the keystroke recordings AFAIK. In short, a Keyghost is a hardware equivalent of a keylogger). Or the student may have used a network sniffer, which intercepts traffic on a computer or network. There are countless other ways they could have gotten in via software, but have you explored the notion that he/she used social engineering to obtain either the teacher's password or admin rights?

 

It is however more likely that the router was piggybacked directly - either via WiFi or Ethernet. Once connected to the router he/she could have logged in with his/her username and password, and boom - they're on. Then sign in to Xbox Live, and now it's time for some high speed adrenaline fueled electronica backed online racing...

 

In my view it's more likely that the network was piggybacked directly - why would the student go to all the trouble of hacking teacher's accounts when they could simply plug their 360 in via Ethernet?

 

I suggest you (or your teacher) consult Google on how to secure routers... :)

Share this post


Link to post
Share on other sites

What type of teacher is this? Why the hell are they giving out router passwords to people who can't protect their computer?

 

3 things. Remove wireless from the network (if you think netstumbler is a problem). Re-format and re-install Windows 2000 (or upgrade to a supported operating system!!), Set the boot order in the BIOS to boot the hard drive first. Lock the BIOS. Use a USB keyboard (there are such things as PS2 key-loggers)

There are USB keyboard loggers just as readily available.

Share this post


Link to post
Share on other sites

My teachers grandson ran a password hacking softwar on his grandparents laptop at home to get his passwrd. Then he somehow got onto the network with a PSP so he could use it wirelessly, I wanted to know how he did it and how to prevent it from happening.

Share this post


Link to post
Share on other sites

What type of teacher is this? Why the hell are they giving out router passwords to people who can't protect their computer?

 

3 things. Remove wireless from the network (if you think netstumbler is a problem). Re-format and re-install Windows 2000 (or upgrade to a supported operating system!!), Set the boot order in the BIOS to boot the hard drive first. Lock the BIOS. Use a USB keyboard (there are such things as PS2 key-loggers)

There are USB keyboard loggers just as readily available.

 

Oh yeah, look at that! :P

Share this post


Link to post
Share on other sites

My teachers grandson ran a password hacking softwar on his grandparents laptop at home to get his passwrd. Then he somehow got onto the network with a PSP so he could use it wirelessly, I wanted to know how he did it and how to prevent it from happening.

Short non-constructive answer here?

 

Fix the core problem rather than the symptoms - smack the Grandson on the back of the head then take his toy away from him for a fortnight, not necessarily in that order.

Share this post


Link to post
Share on other sites

The teacher's access point should be secured with an admin password and the wireless component encrypted with a strong key. (assuming it's not an ad-hoc wireless network)

Share this post


Link to post
Share on other sites

What type of teacher is this? Why the hell are they giving out router passwords to people who can't protect their computer?

 

3 things. Remove wireless from the network (if you think netstumbler is a problem). Re-format and re-install Windows 2000 (or upgrade to a supported operating system!!), Set the boot order in the BIOS to boot the hard drive first. Lock the BIOS. Use a USB keyboard (there are such things as PS2 key-loggers)

There are USB keyboard loggers just as readily available.

 

Yes but someone would notice that - people would assume someone's left a thumbdrive in there and either keep it for themselves or hand it in to lost property. A Keyghost on the other hand is a tiny device between the keyboard and the computer (you plug the keyboard's cable into the Keyghost, and the Keyghost's cable into the computer - hence no one will pay it much notice).

Considering the fact that a lot of people don't like me here, you may be reluctant to listen to me. That's fine, but you really ought to listen to Kevin D. Mitnick - and he's the guy from which I learned of the Keyghost.

Share this post


Link to post
Share on other sites

What type of teacher is this? Why the hell are they giving out router passwords to people who can't protect their computer?

 

3 things. Remove wireless from the network (if you think netstumbler is a problem). Re-format and re-install Windows 2000 (or upgrade to a supported operating system!!), Set the boot order in the BIOS to boot the hard drive first. Lock the BIOS. Use a USB keyboard (there are such things as PS2 key-loggers)

There are USB keyboard loggers just as readily available.

 

Yes but someone would notice that - people would assume someone's left a thumbdrive in there and either keep it for themselves or hand it in to lost property. A Keyghost on the other hand is a tiny device between the keyboard and the computer (you plug the keyboard's cable into the Keyghost, and the Keyghost's cable into the computer - hence no one will pay it much notice).

Considering the fact that a lot of people don't like me here, you may be reluctant to listen to me. That's fine, but you really ought to listen to Kevin D. Mitnick - and he's the guy from which I learned of the Keyghost.

 

You misunderstood me. There are USB devices similar to Keyghost for USB keyboards.

Share this post


Link to post
Share on other sites

What type of teacher is this? Why the hell are they giving out router passwords to people who can't protect their computer?

 

3 things. Remove wireless from the network (if you think netstumbler is a problem). Re-format and re-install Windows 2000 (or upgrade to a supported operating system!!), Set the boot order in the BIOS to boot the hard drive first. Lock the BIOS. Use a USB keyboard (there are such things as PS2 key-loggers)

There are USB keyboard loggers just as readily available.

 

Yes but someone would notice that - people would assume someone's left a thumbdrive in there and either keep it for themselves or hand it in to lost property. A Keyghost on the other hand is a tiny device between the keyboard and the computer (you plug the keyboard's cable into the Keyghost, and the Keyghost's cable into the computer - hence no one will pay it much notice).

Considering the fact that a lot of people don't like me here, you may be reluctant to listen to me. That's fine, but you really ought to listen to Kevin D. Mitnick - and he's the guy from which I learned of the Keyghost.

 

You misunderstood me. There are USB devices similar to Keyghost for USB keyboards.

 

I'm sure there would be similar devices (READ: nearly identical) devices on the market, I just used Keyghost as an example :)

Edited by ahsoka

Share this post


Link to post
Share on other sites

What type of teacher is this? Why the hell are they giving out router passwords to people who can't protect their computer?

 

3 things. Remove wireless from the network (if you think netstumbler is a problem). Re-format and re-install Windows 2000 (or upgrade to a supported operating system!!), Set the boot order in the BIOS to boot the hard drive first. Lock the BIOS. Use a USB keyboard (there are such things as PS2 key-loggers)

There are USB keyboard loggers just as readily available.

 

Yes but someone would notice that - people would assume someone's left a thumbdrive in there and either keep it for themselves or hand it in to lost property. A Keyghost on the other hand is a tiny device between the keyboard and the computer (you plug the keyboard's cable into the Keyghost, and the Keyghost's cable into the computer - hence no one will pay it much notice).

Considering the fact that a lot of people don't like me here, you may be reluctant to listen to me. That's fine, but you really ought to listen to Kevin D. Mitnick - and he's the guy from which I learned of the Keyghost.

 

You misunderstood me. There are USB devices similar to Keyghost for USB keyboards.

 

I'm sure there would be similar devices (READ: nearly identical) devices on the market, I just used Keyghost as an example :)

 

You implied a thumbdrive or similar would be required and noticeable. This is not the case

 

http://www.keyghost.com/USB-Keylogger.htm

Share this post


Link to post
Share on other sites

What type of teacher is this? Why the hell are they giving out router passwords to people who can't protect their computer?

 

3 things. Remove wireless from the network (if you think netstumbler is a problem). Re-format and re-install Windows 2000 (or upgrade to a supported operating system!!), Set the boot order in the BIOS to boot the hard drive first. Lock the BIOS. Use a USB keyboard (there are such things as PS2 key-loggers)

There are USB keyboard loggers just as readily available.

 

Yes but someone would notice that - people would assume someone's left a thumbdrive in there and either keep it for themselves or hand it in to lost property. A Keyghost on the other hand is a tiny device between the keyboard and the computer (you plug the keyboard's cable into the Keyghost, and the Keyghost's cable into the computer - hence no one will pay it much notice).

Considering the fact that a lot of people don't like me here, you may be reluctant to listen to me. That's fine, but you really ought to listen to Kevin D. Mitnick - and he's the guy from which I learned of the Keyghost.

 

You misunderstood me. There are USB devices similar to Keyghost for USB keyboards.

 

I'm sure there would be similar devices (READ: nearly identical) devices on the market, I just used Keyghost as an example :)

 

You implied a thumbdrive or similar would be required and noticeable. This is not the case

 

http://www.keyghost.com/USB-Keylogger.htm

 

Back then I thought you were referring to a thumbdrive-like device.

Share this post


Link to post
Share on other sites

He probably just ran SIW or Cain and Able, and got the 'secrets' stored on the PC (old encrypted pages stored in cache), its simple and easy.

 

way to protect against it? disable wireless.

 

If he gets actual acess to the PC< password the PC.

 

if hes using things like PSPs to connect etc, MAC address filtering, sure you can spoof em but peple usually dont know how on portable devices.

Share this post


Link to post
Share on other sites

Find out what port Xbox Live communicates on.

 

Port Forward to 127.0.0.1

 

If said hacker is ONLY using it for XBox comms then it should be sufficient (unless said hacker has admin access to wireless modem/router)

 

AD

Share this post


Link to post
Share on other sites

the teacher has a wireless laptop that he takes to school. He has an accounting business that he keeps his work on. Evidentally he keeps his computer on all the time and the kid installed some sort of password hacking software onto it onto the computer while it was on under Admin(since he never loged off he didn't have to hack it.. My guess would be either a triall version of LC5 or maybe if he has a set of balls and actual good program like a 'non' trial version of Ophcrack. So the kid can hack into the computer now that it is installed. So knows everything necessary to hack into the network. And since he already has the program installed, he can just run the program on a disk without having to log on if the teacher decidest o change his password. So my question is, what can the teacher do to protect his computer from the kid hacking onto his network. I don't believe he has his network encrypted.

Share this post


Link to post
Share on other sites

The teacher can:

 

* Run spybot S&D and a virus scan

* Change his admin password

* Not log on as the default administrator account

* Not carry around his confidential business data on a computer with him (least of all to a school)

* Not leave his PC logged on and unattended like a dickhead

* Cut the testicles off the 'kid'

Share this post


Link to post
Share on other sites

MAC ADDRESS FILTERING!!!! ffs.

 

if its used for a gaming console, spoofing on a PC is easy shit, spoofing on a console or handheld is a pain in the ass.

 

also, remove the trojan any decent antivirus (use ClamWIn maybe?) will find and fix it.

 

also encrypt the wireless network with WPAPSK2, fuck even WEP is better than nothing, once again, easy to break on a laptop, but gaming consoles not so much.

 

also, teach him about WIN key + L combo on his laptop.

 

edit: and change the fucking passwords he has now.

Edited by Master_Scythe

Share this post


Link to post
Share on other sites

Exactly,

just don't allow any other MAC addresses on the router besides the current one for that computer, I do that to every PC who wants access in my home network (me, brother, friend etc.)

Share this post


Link to post
Share on other sites

Is there any software that the teacher could install on his computer that would shut the computer down if someone failed to log into after three times?

Share this post


Link to post
Share on other sites

While we're all very happy to have people give constructive advice on how to secure a network/PC, we can't have people giving out instructions on how to break into someone's computer -- even under the guise of "how did/could it happen". Please keep this in mind when providing further replies to this topic.

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this  

×