Forum Thread: Gained Access to Email, What Next?

I'm a high school student, trying to gain access to a teacher's account on the PowerSchool service. I got her school network password by recording her typing it in. She has reused this password for both her school-official email address and her personal email address (and several other sites), so I have access to both. However, she is using a different password for PowerSchool, and it also isn't the default password. PowerSchool claims that it's logging each failed attempt, so I don't think I can use Hydra. To reset her PowerSchool password, she needs to contact an admin, so that isn't an option.

So, does anyone have any ideas on how I can leverage access to her email account? I made a Chrome extension to record her entering the password, but then discovered that the school policy prevents her from syncing Chrome extensions on her official school account. I'm running out of ideas now.

9 Responses

Hacking into a teacher's grading/ student data software is a bad idea. Most high school system administrators don't seem like they know what they're doing, but they've got a good deal of experience under their belts. If you're caught anywhere near the gradebook program, you'll almost certainly be expelled, or at the very least suspended for a while. It's not worth it. You don't need to be in there, and if you're trying to change your grades, you shouldn't. You should learn it for real, and make good grades because you know the subject matter.

Also, if you wanted an answer that could work, you should've made your question hypothetical, and a little less specific. Nobody's going to help you in a public forum if they think they'll get in trouble for being an accomplice.

The lecture on grades is somewhat unnecessary; my grade in this class is fine and changing it was not my goal. I will keep your second paragraph in mind for the future though.

Greetings and no disrespect. You should just forget whatever you are thinking about and live life happy.

The fact you are asking what to do with the EMAIL shows you are not even close in readiness to act upon such INTEL. Try boot camp first.

If (you can=1) {have fun;} else {give up}.
It's called "security awareness" for a reason.

I've decided I'm probably not going to follow through on this project. But could you elaborate a bit more on what you mean? Is there some really obvious next step I could be taking; and the fact that I don't see it indicates I don't know what I'm doing?

It doesn't mean you don't know what you are doing, at least this is not what I mean.

I mean that we should be teaching security awareness, not making people able to arbitrarily hack anyone. I'm sorry if you misunderstood me, I didn't mean to be arsh. In these cases, at least based on what you've told us, only physical attacks are valuable, like installing malicios code on the machine via portable devices, however it depends on the surrounding contest. Look around you and find unconventional ways to solve your problem.

You need to have an end goal; what do you want to gain from this hack? Once your purpose is clear, you need to perform recon on the target.

Like Ciuffy said, you need to be creative about your approach.

I still think social engineering would be the best solution to this problem, it wouldn't even really be that hard. Does the teacher have any school related emails from administration or the people that run this PowerSchool service?

ghost_

Social engineering could work in this instance.

ghost_

If you have access to her PC, you can install a keylogger on her PC instead of a chrome extension like ChromeLogger and make the logs come to you. You can also run a usb stealer on her PC to steal her browser cached passwords.

Share Your Thoughts

  • Hot
  • Active