HOT ] How to Hack Your School Grading System [ Change your grades! ] Hello everyone, as it seems that a lot of you guys seem to be in high school and want to be like the War Games hackers I figured Id write a tutorial on how to steal logins for online grading systems. If youre school still uses paper to write down and keep track of grades this tutorial is not for you! Please remember to be careful with this information, this is not for you to use only to understand that this is a posibility Wink Step One - Understanding Some Basics (Skip this if you dont care whats happening behind the scenes) Now youve got to understand some basics about how computers communicate on a network (if you are familiar with this and have a general understanding of how TCP/IP works then skip this section as it is only for those who want to learn whats happening behind the scenes!) Ill try to cut down on most information! So basically every computer on a network has an IP address be it 192.168.1.101 or 10.0.0.10 that is your IP for your computer on your current network. This is your computers address much like every house has a mailing address to receive postage! So basically all the computers send information through the router or switch which passes it on out to the internet and vise versa. The router broadcasts its address to every computer on the network and says Hey everyone! Im 192.168.1.1 and Im your default gateway! Send all your requests through me and Ill serve you! and all the computers happily send their requests through the router. But what if someone lied about being a certain IP address? In an ARP cache poising situation, this is exactly what a hacker would do. Hackers Computer: Hey 192.168.1.1 (router)! Im 192.168.1.100! Router: (Didnt ask, but accepts this information) OK thank you Ill send future data your way! Hackers Computer: Hey user 192.168.1.100 (Vlictim)! Im youre router! Vlctims Computer: (Didnt ask, but accepts this information) OK thank you Ill send my requests through you! Now the hacker has places himself in a very great position! He is now a proxy or a computer that both the router and the vlctim must push their information through. So now if the vlctim wants to visit a webpage all of his data is sent through the hackers computer and on to the router and vise versa. The advantage here is now the hacker can read everything the user is doing online. The problem The main problem with this is that most sites that do Online Grading encrypt their data before sending it to the router so that this attack is thwarted. The solution Using software like Cain & Abel you can get around this problem. This is done by spoofing the SSL certificate for the vlctim, however this can not be done completely as the vlctim will get a SSL certificate error warning message. Luckily in the most used version of Internet Explorer this message is just a simple blalla error, click here to continue and most users just ignore this and click ok. Now they are connected to the website but you can still see what they are doing! Congrads, you now (kinda) get how an ARP Cache Poising attack works & SSL Spoof attack. Step Two - Starting out (If you skipped step one youre a bad person!) A nice warning youll be doing all this on a school computer, please be careful not to get caught (what if someone actually knows what youre trying to do?! Oh noes!) No youre going to need to install Cain & Abel for doing this attack! This is a Windows hacktool with all sorts of fun built in! {{{DOWNlODE}}} oxid.it/cain.html Great! Now install the thing (Im not going to hold your hand on this as its really straightforward, just say yes to installing everything) Eventually you install everything and you start up Cain, please be sure youve allowed it internet accept if Windows prompts you for it. Now, youre going to need to click the sniffer button in the top left corner. Its looks like this servimg/image_preview.php?i=305&u=12536600 This has started the sniffing process where your computer will capture any traffic that it sends/receives. At this point this is only the websites you visit but you want to see everyone elses internet activity aswell! Step Three - Gathering vlctims! Now we are going to get a list of all computers currently on the network so we can poison them. To do this go to the sniffing tab as show below servimg/image_preview.php?i=306&u=12536600 Now youve got to start the ARP Cache poising. Click this button servimg/image_preview.php?i=307&u=12536600 Great! Now you need to select some computers to poison. Click the + button to add some computers to your list servimg/image_preview.php?i=308&u=12536600 The following box will pop up servimg/image_preview.php?i=309&u=12536600 The default settings are perfectly fine, so scan everyone on your current subnet (which means everyone whos behind the same router/switch as you) Wait for it to finish scanning, once its done move on to the next step. Step Four - Poising some ARP Caches! You are now going to direct everyones traffic through your own computer so you can see what they are doing and steal their online passwords! Click the following tab: (Bottom left) servimg/image_preview.php?i=310&u=12536600 Now click the Click the + button to add some computers to your list of to poison servimg/image_preview.php?i=311&u=12536600 This window should now pop up servimg/image_preview.php?i=312&u=12536600 Now youre going to want to select the first IP address on the left, this is the router address so you can capture all data being sent to the router. Then select EVERYTHING in the right column. (Read the warning in the image above about selecting to many vlctims to poison!) Then click OK You are now intercepting all data on the network! Pat yourself on the back! Youre screen should look like this servimg/image_preview.php?i=313&u=12536600 Step Five - Viewing intercepted data Great now that youre intercepting traffic youre going to want to view all the passwords youre stealing! Click this tab: (Again, bottom left) servimg/image_preview.php?i=315&u=12536600 Now you see the following servimg/image_preview.php?i=316&u=12536600 Those are all of the different types of passwords youre currently capturing! Since youre trying to get the online school grading passwords, click the HTTP section. Now you can see all the passwords youre capturing in realtime servimg/image_preview.php?i=314&u=12536600 Wow thats cool! Now just wait until a teach logs onto the online grading system and youve then captured their password! Important - Read this Something important to remember is that Cain is currently only capturing password data that it recognizes. It may not understand what data is a password and what isnt. You can specify what you want Cain to capture by clicking the Configure button at the top: See this link for image: {{. i.imgur/u2J4d.png }} (max number of images in thread is 15) You should see the menu below, go to the HTTP Fields tab and select everything in the top column and Removal all do this for the bottom section to servimg/image_preview.php?i=317&u=12536600 Now you need to know the field names for the username and password of the school grading system. Go to the grading login page (if you dont know the URL just grab it from the data above). Now you want to view the source of the page (Ctrl + U in Firefox) Look for something like this Code: SELECT ALL As you can see the two fields are txtTeacherUsername and txtTeacherPassword So now go back to Cain and add those field names in by inputting the field names and clicking the plus button servimg/image_preview.php?i=318&u=12536600 And click OK A nice little warning is that anyone who is connecting to a website via SSL will see this most will just click to continue servimg/image_preview.php?i=319&u=12536600 Congrads! You are now capturing only the school grading system logins (unless multiple websites share the same field name!) Then remember the logins, go home (hide behind a proxy!) and login on the website and change your grades say thankx by {{{ Jack }}}
Posted on: Sun, 24 Nov 2013 03:30:52 +0000
Trending Topics
Recently Viewed Topics
© 2015