I'm looking to gain access to a couple of teacher computers. They run windows 7 or 8, not entirely sure but I'll confirm on monday.
I can't get to their actual computer and hack it physically, so I'm gonna have to do it remotely somehow
I know their usernames and I could get their IP addresses, and if I had their passwords I could use a school student computer to login to their account. Or I could do something similar to this: http://www.hacktweaks.com/how-to-hack-remote-computer-using-ip-address/
Would it be possible to brute force their passwords in conjuction to the technique outlined in the link above?
If not, I guess I'll have to actually get their passwords. There's a small chance I could watch them do it and try memorise, but if there was a way to install a keylogger on their laptop without their knowledge, that'd be ideal. Is there a way to do this?
I'd appreciate any help anyone can offer me
7 Responses
Hi Shaverr. As I am sure you know, doing this without permission is illegal. Therefor I will presume you have full permission.
In order to remote desktop into another windows pc you must have this accepted on the target pc. This is not ideal for pen testing but if you can get your hands on a rubber ducky or a cheap arduino alternative, or even the wirless version which seytonic did a youtube video on, you can set the computer up in a matter of seconds. This is useful if the target leaves or is doing something else.
Once you have done this you may simply get the Ipv4 and your in.
If you need anything else simply ask. Hope I could help.
That sounds like a good way to go. I've never used a rubber ducky before - how do you set these up to give you remote access? Would it be a similar process if I used the wireless version seytonic had?
I'm writing a series on USB rubber duckys! Should be out in the next week or two
It is important to know your goal, as it is often not necessary to seize control of the entire system just to access an account.
If you can connect to the same wireless network as them, scan for open ports. Easy pickings if they have something stupid open.
Then, get their laptops to connect to you. Spoof a "google starbucks" network and get them to click on a link with a payload.
Of course, if the system you're trying to access is actually a web-based system, you could be doing all of that for nothing. You could simply go after the online account rather than the actual laptop. Be lazy, leave a small footprint.
Thanks for your help
I can connect to the same wireless network as the target computer, but how would I take advantage of open ports to get in?
The accounts in question are part of a network - as far as I know, any school computer on campus can access any account provided you know the login details. Knowing this, is there an easier way to get access? Could you brute force the password using another computer on the school network to gain access to the target account? How would you go about this if it could be done?
You sure could! Look at that, these are all great ideas. You need to scan for ports (fing) and then live-crack the password (hydra). Or you could just make a fake login page for the school's login and then deauth the legitimate wi-fi network. Create a fake AP with the same name, and redirect them to the fake login page when they try to do anything. Collect the logins and hopefully enjoy a few accounts rather than just one.
The fake login page and AP sounds like a good idea. Might give that a shot if I get the time - the ability to snag a few different account logins is enticing.
I had a look at one teachers password today as he typed it in, and its piss easy. 7 characters, all lowercase letters. I'm pretty sure I could get it by the end of the week by setting up my laptop webcam to record him type it, or my phone or something.
That would give me his password, I already have his username.
I could use a school computer to then login, but its hard to get into a computer lab without a teacher. Plus, if they work out someones been in his account, theres camera everywhere so its a bit dodgy. I'd like to stay anonymous.
Whats the best way to remotely and anonymously get into his account? And what would I then do to copy some files to a usb?
Thanks for any help you can offer
Share Your Thoughts