My challenge
My challenge
Dear suck-o,
I have recently been presented with a challenge by my friends. Let me brake it down.
Firstly, this challenge is taking place in my school, which means I have a very limited account. However I happen to know a teachers login details which means I can access a higher privilaged account, although it is not an administrator account.
Secondly, the challenge is simple. My friends, with more intelligence at computer skills have recently accessed a game 'Frets of Fire' on their student accounts. Which should be impossible unless they have twinked their knowledge and accessed it somehow. Although the game is not important, their knowledge of how to access it is important to me. It could lead on to bigger things.
The only HD's I should be able to access is the O: (student shared area) and H: (my personal area). However as I said before, I have access to a teacher account, meaning a lot more HD's are open to me. Although I have this teacher account, I may not need it as from my observation of my friends I have learned that I can use the program 'MuCommander' (or Explorer++) to access other hard drives, some that even teacher accounts cannot access.
This MuCommander allows me to access hidden files and the ability to right click folders (along with other benifits, just they are of quite importance). I know that they managed to install and play the game by installing it to the HD K: using MuCommander and then in a hidden folder within there. They then could access the game anytime using 'MC' as K: did not have any opening restrictions whereas H: has a lot of restrictions. This took me a couple days to figure out how they were accessing it (and between you and me, I 'borrowed' MuCommand off one of their accounts by using a teacher account to access it).
Once they found out I had figured it they chose to move the game and protect it. The moved it to a HD named P: and into a hidden folder in there. This was extremely easy for me to find as I did within five minutes, and with my hopes up I went to play Frets on Fire. I then came to realise their was a restriction on P:.
They have decided to be nice and place the game back in K: aswell as P: for their close friends to play (including me). However this is not enough, I simply must know how they have done it, they somehow have administrative rights on P:. I have discussed this matter with them and they know I'm on the case, and fair enough the do not mind that. Being gentlemen, they decided to give me a number of clues to their knowledge even though I asked them not to make it too easy.
These clues follow as such...
1."***.***.**.6
*a*a a**let
m*c
AND THE MEGA CLUE
*t***b****
The asteriods are for you to figure out.
And before you say thats useless, its better than no clue."
-------> Exact words. He has replaced some letter/numbers with *'s, thats what they are for. I persume this is some type of code, persumably C++ as my two friends are somewhat experienced in that language.
2."Explorer plus plus is only what we use for the interface
use a *a*a a**let
and learn how to write commands for msdos."
-------> Again the *'s are replacing letters/numbers. I do not know what he means by "msdos".
3."The clue again is
%run%."
-------> This may in my knowledge something either typed into a batch file, cmd or into a file search. I have seen them type it into something like C:/%run% (this may not be true but I have a vaugue recolection of them doing it for some reason).
4."That was the most usefull...
Cos it allows us to make 'buttons' to *** * *******"
--------> This could persumably mean anything.
The school's OS is XP, cmd is restricted on my account, but as metioned before, I have access to a teacher account where I can access cmd but the is a lot of restrictions within that. I also have access to my friends account and pretty much every students account.
These clue's that they have left me are all apparently to solving the challenge. As you can probably guess I'm not a wizz kid at computers but I'm also not computer illiterate. I am currently studying C++ but I'm not that advanced at the moment. Any help would be much appreciated, however I do not want the full story as I would like to figure some out for myself. If you could just point me in the right direction, that would be most helpful. (And sorry for the long post)
Most thankful, Greenweed.
I have recently been presented with a challenge by my friends. Let me brake it down.
Firstly, this challenge is taking place in my school, which means I have a very limited account. However I happen to know a teachers login details which means I can access a higher privilaged account, although it is not an administrator account.
Secondly, the challenge is simple. My friends, with more intelligence at computer skills have recently accessed a game 'Frets of Fire' on their student accounts. Which should be impossible unless they have twinked their knowledge and accessed it somehow. Although the game is not important, their knowledge of how to access it is important to me. It could lead on to bigger things.
The only HD's I should be able to access is the O: (student shared area) and H: (my personal area). However as I said before, I have access to a teacher account, meaning a lot more HD's are open to me. Although I have this teacher account, I may not need it as from my observation of my friends I have learned that I can use the program 'MuCommander' (or Explorer++) to access other hard drives, some that even teacher accounts cannot access.
This MuCommander allows me to access hidden files and the ability to right click folders (along with other benifits, just they are of quite importance). I know that they managed to install and play the game by installing it to the HD K: using MuCommander and then in a hidden folder within there. They then could access the game anytime using 'MC' as K: did not have any opening restrictions whereas H: has a lot of restrictions. This took me a couple days to figure out how they were accessing it (and between you and me, I 'borrowed' MuCommand off one of their accounts by using a teacher account to access it).
Once they found out I had figured it they chose to move the game and protect it. The moved it to a HD named P: and into a hidden folder in there. This was extremely easy for me to find as I did within five minutes, and with my hopes up I went to play Frets on Fire. I then came to realise their was a restriction on P:.
They have decided to be nice and place the game back in K: aswell as P: for their close friends to play (including me). However this is not enough, I simply must know how they have done it, they somehow have administrative rights on P:. I have discussed this matter with them and they know I'm on the case, and fair enough the do not mind that. Being gentlemen, they decided to give me a number of clues to their knowledge even though I asked them not to make it too easy.
These clues follow as such...
1."***.***.**.6
*a*a a**let
m*c
AND THE MEGA CLUE
*t***b****
The asteriods are for you to figure out.
And before you say thats useless, its better than no clue."
-------> Exact words. He has replaced some letter/numbers with *'s, thats what they are for. I persume this is some type of code, persumably C++ as my two friends are somewhat experienced in that language.
2."Explorer plus plus is only what we use for the interface
use a *a*a a**let
and learn how to write commands for msdos."
-------> Again the *'s are replacing letters/numbers. I do not know what he means by "msdos".
3."The clue again is
%run%."
-------> This may in my knowledge something either typed into a batch file, cmd or into a file search. I have seen them type it into something like C:/%run% (this may not be true but I have a vaugue recolection of them doing it for some reason).
4."That was the most usefull...
Cos it allows us to make 'buttons' to *** * *******"
--------> This could persumably mean anything.
The school's OS is XP, cmd is restricted on my account, but as metioned before, I have access to a teacher account where I can access cmd but the is a lot of restrictions within that. I also have access to my friends account and pretty much every students account.
These clue's that they have left me are all apparently to solving the challenge. As you can probably guess I'm not a wizz kid at computers but I'm also not computer illiterate. I am currently studying C++ but I'm not that advanced at the moment. Any help would be much appreciated, however I do not want the full story as I would like to figure some out for myself. If you could just point me in the right direction, that would be most helpful. (And sorry for the long post)
Most thankful, Greenweed.
Today
Just to let you all know, I found out how they have done this. It was pretty simple, they made it out to be complicated however it was not. They had just logged onto the teachers account, used MuCommand to open P: and changed the rights to it. I have now changed their restrictions to read only on all files so they will get a nasty suprise on Monday. Although, they will soon figure it out and just take the restrictions off, but it's fun anyway.
Even though I have solved this simple task, I would like to know if there is anything 'interesting' I could do with the powers I have (i.e. teacher account, Explorer++)
Thanks again, Greenweed.
Even though I have solved this simple task, I would like to know if there is anything 'interesting' I could do with the powers I have (i.e. teacher account, Explorer++)
Thanks again, Greenweed.
These clues follow as such...
1."***.***.**.6
*a*a a**let ========= java applet
m*c ============== MAC
AND THE MEGA CLUE
*t***b****
They also said learn to use ms-dos - so you can run programs or commands in the CMD to avoid admin constraints on the XP GUI
You can also assign rights to a specific MAC address of a computer.
Instead of making the file read only, next time make it hidden.
messing with the school network could get you expelled, so watch out.
DNR
1."***.***.**.6
*a*a a**let ========= java applet
m*c ============== MAC
AND THE MEGA CLUE
*t***b****
They also said learn to use ms-dos - so you can run programs or commands in the CMD to avoid admin constraints on the XP GUI
You can also assign rights to a specific MAC address of a computer.
Instead of making the file read only, next time make it hidden.
messing with the school network could get you expelled, so watch out.
DNR
-
He gives wisdom to the wise and knowledge to the discerning. He reveals deep and hidden things; he knows what lies in Darkness, and Light dwells with him.
He gives wisdom to the wise and knowledge to the discerning. He reveals deep and hidden things; he knows what lies in Darkness, and Light dwells with him.
- bozotheclown138
- Fame ! Where are the chicks?!
- Posts: 172
- Joined: 07 Feb 2009, 17:00
- 15
- Contact:
oh i only wish my school used windows i would wreck havoc on it, they only have one lab with windows and i got doom on their i used some wireshark for a little password and by the way its not monitored by anyone haha, but the majority are macs and i scared them by telling people how to make an admin account so they suspended a lot of people but not me and then i showed them a bluetooth trick which got others suspended but not me anyhow the people at the school know nothing from my experience as i have not gotten in trouble once
Thanks for that, I will do a little research.DNR wrote:These clues follow as such...
1."***.***.**.6
*a*a a**let ========= java applet
m*c ============== MAC
AND THE MEGA CLUE
*t***b****
They also said learn to use ms-dos - so you can run programs or commands in the CMD to avoid admin constraints on the XP GUI
You can also assign rights to a specific MAC address of a computer.
Instead of making the file read only, next time make it hidden.
messing with the school network could get you expelled, so watch out.
DNR
Also I am trying to watch my back, it also helps by the fact the school's I.T technition has an I.Q of an 7 year old. Anyway, thanks for the tips.
Another thing I was curious about was that my friends said they had found a weakness within teh basic Microsoft security. I am inclined to wonder if anyone else has heard about this? Thanks.
.... Just found out, apparently the m*c isn't MAC, thanks anyway.
Be careful - your friends may be using you as a diversion to their hacking. Its called hacking by proxy - they tell you what to do, in this case they likely just want to you get caught to divert attention from their activities.
Security weaknesses may not nessisarily be with microsoft programs itself, but in its settings to make it run with other programs. The admins might have locked down the window's GUI, but left the IE browser's FILE>Open>browse..
On the mega clue, at best considering the age group you are dealing with:
*t***b****
sTart Batch - I doubt your friends are at the level of overwriting stack blocks, so I believe they found a way to reboot or get the machines to start using a modified batch file to run commands of how to start up.
http://www.computerhope.com/batch.htm
Batch files allow MS-DOS and Microsoft Windows users to create a lists of commands to run in sequence once the batch file has been executed. For example, a batch file could be used to run frequently run commands, deleting a series of files, moving files, etc. A simple batch file does not require any special programming skills and can be done by users who have a basic understanding of MS-DOS commands.
A good example of a batch file for someone who is more familiar with Windows or the MacOS is to think of a batch file as a shortcut in Windows or an icon on the MacOS. Much like a shortcut, batch files could be used to run one or more commands and/or programs through the command line.
Another example of a very well known batch file is the autoexec.bat, which is a simple boot file loaded each time the computer is loaded on MS-DOS and early Windows computers. This batch file contained all the necessary commands and programs used to run MS-DOS and Windows each time the computer booted.
Again, I must encourage you to step back and observe what happens when your friends continue to hack the school network.
DNR
Security weaknesses may not nessisarily be with microsoft programs itself, but in its settings to make it run with other programs. The admins might have locked down the window's GUI, but left the IE browser's FILE>Open>browse..
On the mega clue, at best considering the age group you are dealing with:
*t***b****
sTart Batch - I doubt your friends are at the level of overwriting stack blocks, so I believe they found a way to reboot or get the machines to start using a modified batch file to run commands of how to start up.
http://www.computerhope.com/batch.htm
Batch files allow MS-DOS and Microsoft Windows users to create a lists of commands to run in sequence once the batch file has been executed. For example, a batch file could be used to run frequently run commands, deleting a series of files, moving files, etc. A simple batch file does not require any special programming skills and can be done by users who have a basic understanding of MS-DOS commands.
A good example of a batch file for someone who is more familiar with Windows or the MacOS is to think of a batch file as a shortcut in Windows or an icon on the MacOS. Much like a shortcut, batch files could be used to run one or more commands and/or programs through the command line.
Another example of a very well known batch file is the autoexec.bat, which is a simple boot file loaded each time the computer is loaded on MS-DOS and early Windows computers. This batch file contained all the necessary commands and programs used to run MS-DOS and Windows each time the computer booted.
Again, I must encourage you to step back and observe what happens when your friends continue to hack the school network.
DNR
-
He gives wisdom to the wise and knowledge to the discerning. He reveals deep and hidden things; he knows what lies in Darkness, and Light dwells with him.
He gives wisdom to the wise and knowledge to the discerning. He reveals deep and hidden things; he knows what lies in Darkness, and Light dwells with him.
Re: My challenge
First of all, tell your friend they're called asterisks. Second of all, there's no way you're stuffing C++ code in such a small amount of characters.Greenweed wrote:AND THE MEGA CLUE
*t***b****
The asteriods are for you to figure out.
And before you say thats useless, its better than no clue."
-------> Exact words. He has replaced some letter/numbers with *'s, thats what they are for. I persume this is some type of code, persumably C++ as my two friends are somewhat experienced in that language.
Here's what I think:
Code: Select all
/usr/home/g-brain
g-brain@Ares% wget ftp://ftp.openwall.com/pub/wordlists/languages/English/4-extra/lower.gz
--2009-11-28 19:15:28-- ftp://ftp.openwall.com/pub/wordlists/languages/English/4-extra/lower.gz
=> `lower.gz'
Resolving ftp.openwall.com... 195.42.179.201
Connecting to ftp.openwall.com|195.42.179.201|:21... connected.
Logging in as anonymous ... Logged in!
==> SYST ... done. ==> PWD ... done.
==> TYPE I ... done. ==> CWD /pub/wordlists/languages/English/4-extra ... done.
==> SIZE lower.gz ... 1385776
==> PASV ... done. ==> RETR lower.gz ... done.
Length: 1385776 (1.3M)
100%[==================================>] 1,385,776 435K/s in 3.1s
2009-11-28 19:15:32 (435 KB/s) - `lower.gz' saved [1385776]
/usr/home/g-brain
g-brain@Ares% gunzip lower.gz
/usr/home/g-brain
g-brain@Ares% grep -E '^.t.{3}b.{4}$' lower
atrributes
attirbutes
attleboros
attriblist
itssubfile
rtsgmbhnet
stainbrook
stansberry
starobelsk
steelblock
steinbecks
steinbergs
steinbrink
sternberga
stickboard
stonebrink
stonybrook
storebrand
storebytes
strasbaugh
strasbourg
strembicke
xtgrabnone
"Attributes" sounds pretty good to me
Thanks for the advice, quite a lot there. So you were right about it being "attributes", thanks for that. Also thanks for the rest of the advice too, here is an update to my situation:
Basicly, I have got a bit further and some of the things my friend has told me are
"Now you have to figure out what you need java apps and attributes for.
attrib /DIR +h +s -I
Very usefull for cloaking us from the ranger server manager"
"-i takes the file out the index, so it wont be searchable, and +h +s makes it hidden and makes it a 'system' file so it hides the file from the average user so they wont accidently delete it, you can do the same thing by right clicking and changing the properties- but theres no right clicking."
----> this one he mentions "no right clicking", he thinks there is no right clicking however I have found out how to right click/properties etc. Although I have not decided to share this with them for several reasons. I also already new about the content of this one, I just thought I would share it as it may give you more of an idea of what they are up too.
This one is most likely important:
"Another flaw I found was 'Limbo' Youll have to suss this one out for yourself.
Put it this way...... See More
Cmd dosent close when you are neither logged off nor logged on
Prehaps you could write a script that moves files to a drive while your in 'Limbo'"
I take it "Limbo" is quite vital.
'DNR' - Thanks for all the advice you have inputted, it has been greatly helpful, and yes thanks for the tip, I am holding back and watching their steps.
'leetnigga' - Thanks for that but may I ask, what exactly is the code for? It looks like the process the 'server' runs through when it connects. However as stated before, I'm no expert at all, so any help would be appreciated.
Basicly, I have got a bit further and some of the things my friend has told me are
"Now you have to figure out what you need java apps and attributes for.
attrib /DIR +h +s -I
Very usefull for cloaking us from the ranger server manager"
"-i takes the file out the index, so it wont be searchable, and +h +s makes it hidden and makes it a 'system' file so it hides the file from the average user so they wont accidently delete it, you can do the same thing by right clicking and changing the properties- but theres no right clicking."
----> this one he mentions "no right clicking", he thinks there is no right clicking however I have found out how to right click/properties etc. Although I have not decided to share this with them for several reasons. I also already new about the content of this one, I just thought I would share it as it may give you more of an idea of what they are up too.
This one is most likely important:
"Another flaw I found was 'Limbo' Youll have to suss this one out for yourself.
Put it this way...... See More
Cmd dosent close when you are neither logged off nor logged on
Prehaps you could write a script that moves files to a drive while your in 'Limbo'"
I take it "Limbo" is quite vital.
'DNR' - Thanks for all the advice you have inputted, it has been greatly helpful, and yes thanks for the tip, I am holding back and watching their steps.
'leetnigga' - Thanks for that but may I ask, what exactly is the code for? It looks like the process the 'server' runs through when it connects. However as stated before, I'm no expert at all, so any help would be appreciated.
Personally, in a hypothetical adjacent universe where I would spend this much time and resources on gaining privileges on my school's computer so I could go on facebook or something equivalently insignificant, I would start by finding these friends of yours so I could batter them so hard it would break the space-time continuum.Greenweed wrote:Thanks for the advice, quite a lot there. So you were right about it being "attributes", thanks for that. Also thanks for the rest of the advice too, here is an update to my situation:
Basicly, I have got a bit further and some of the things my friend has told me are
"Now you have to figure out what you need java apps and attributes for.
attrib /DIR +h +s -I
Very usefull for cloaking us from the ranger server manager"
"-i takes the file out the index, so it wont be searchable, and +h +s makes it hidden and makes it a 'system' file so it hides the file from the average user so they wont accidently delete it, you can do the same thing by right clicking and changing the properties- but theres no right clicking."
----> this one he mentions "no right clicking", he thinks there is no right clicking however I have found out how to right click/properties etc. Although I have not decided to share this with them for several reasons. I also already new about the content of this one, I just thought I would share it as it may give you more of an idea of what they are up too.
This one is most likely important:
"Another flaw I found was 'Limbo' Youll have to suss this one out for yourself.
Put it this way...... See More
Cmd dosent close when you are neither logged off nor logged on
Prehaps you could write a script that moves files to a drive while your in 'Limbo'"
I take it "Limbo" is quite vital.
'DNR' - Thanks for all the advice you have inputted, it has been greatly helpful, and yes thanks for the tip, I am holding back and watching their steps.
'leetnigga' - Thanks for that but may I ask, what exactly is the code for? It looks like the process the 'server' runs through when it connects. However as stated before, I'm no expert at all, so any help would be appreciated.
They're acting like they just watched "Hackers: The movie" a few hundred times in a row, which has them believing that giving clues that are so stupid, that reading them chips away at the little faith I have left in mankind, will somehow make them hackers.
But that's just me.
As for your conundrum; the way your friends are saying that 'cmd is never really off' is entirely incorrect. Or rather, it makes no sense. It's like replying with "I like oranges." to "How are you today?" It's just .. wrong.
However, what they are describing might be that when you plug a USB drive into a computer, when logged off, it might still get mounted, and if it gets mounted, it is likely that that any program on it listed to execute in the autorun.inf file that you can put on it will be executed.
This, of course, is a ridiculously insecure design, and I'm pretty sure vista and w7 don't do it. If it's XP, it might. Older, probably.
It's not just you, the friends in question seem a bit inane...IceDane wrote: Personally, in a hypothetical adjacent universe where I would spend this much time and resources on gaining privileges on my school's computer so I could go on facebook or something equivalently insignificant, I would start by finding these friends of yours so I could batter them so hard it would break the space-time continuum.
They're acting like they just watched "Hackers: The movie" a few hundred times in a row, which has them believing that giving clues that are so stupid, that reading them chips away at the little faith I have left in mankind, will somehow make them hackers.
But that's just me.
knuffeltjes voor mijn knuffel
[img]http://i911.photobucket.com/albums/ac320/stuphsack/Sig.jpg[/img]
[img]http://i911.photobucket.com/albums/ac320/stuphsack/Sig.jpg[/img]
Maybe the whole point is not trying to run facebook or something 'insignificant' - but this young person wants to learn about computers and networking.
While I agree that his friend's approach to hacking is juvenile, their intent to learn is there. The older, smarter members should foster the spirit of effort and see the real questions hidden in all the chaff. What we do to this person can lead back to his friends, and thus hopefully creating useful, educated people.
DNR
While I agree that his friend's approach to hacking is juvenile, their intent to learn is there. The older, smarter members should foster the spirit of effort and see the real questions hidden in all the chaff. What we do to this person can lead back to his friends, and thus hopefully creating useful, educated people.
DNR
-
He gives wisdom to the wise and knowledge to the discerning. He reveals deep and hidden things; he knows what lies in Darkness, and Light dwells with him.
He gives wisdom to the wise and knowledge to the discerning. He reveals deep and hidden things; he knows what lies in Darkness, and Light dwells with him.
While wanting to learn is all well and good, it doesn't mean there aren't right and wrong ways to do it. Or rather, better and worse ways to do it.DNR wrote:Maybe the whole point is not trying to run facebook or something 'insignificant' - but this young person wants to learn about computers and networking.
While I agree that his friend's approach to hacking is juvenile, their intent to learn is there. The older, smarter members should foster the spirit of effort and see the real questions hidden in all the chaff. What we do to this person can lead back to his friends, and thus hopefully creating useful, educated people.
DNR
I don't understand why someone would want to do what he's trying to do, whether it be for learning or access to porn sites. It is much better to do both at home. Especially the latter.
well as a mod that has access to the poster's IP, I can tell you he is smart enough not to access the suck-o forum from his school network.
Yes, I gave up trying to understand why people have all these different approaches to learning or teaching. There is never a good why, so I just focus on the how.
DNR
Yes, I gave up trying to understand why people have all these different approaches to learning or teaching. There is never a good why, so I just focus on the how.
DNR
-
He gives wisdom to the wise and knowledge to the discerning. He reveals deep and hidden things; he knows what lies in Darkness, and Light dwells with him.
He gives wisdom to the wise and knowledge to the discerning. He reveals deep and hidden things; he knows what lies in Darkness, and Light dwells with him.