Forum Thread: How to Hack School Server ?

Hi all,
I'm beginner but i need learn how to hack server and get key from database.
I haven't enough time to learn too hard, so can you tell me ?
I have 32h from now.
help me. Tks all for reading.

10 Responses

I read but don't understand. :/

If you could just provide us more information to go on. It would make it easier to answer your questions and give you tips.

Th3skYf0x

I would love to know how to access the online learning system called Blackboard. Tests are administered online and are multiple choice questions. I don't want to steal your post Hidren, but I'd be interested to know if there is any way to reveal the correct answer via simple source viewing tools like FIrebug. Cross site scripting is relatively impossible with my knowledge on the topic (as well as the highly encrypted tokens paired with cookies that are checked, rechecked, and check again before, during, and after submission of the test). If the radio buttons could somehow be unmasked that would be fantastic. I actually have the "assessment.js" file of the executed script that I recorded while taking a "practice test" which is in the EXACT format as the real test (they are actually real test from previous semesters, just ungraded and no time limit). What do you think? Is this possible to pull off? Maybe a server-side timer "stop script" or somehow utilizing a simple js alert to narrow down the correct radio button?

what website is it?

-Everything is possible with the right knowledge and dedication-

Th3skYf0x

you are welcome,
I really want study about this, but i'm beginner, some people here can help us.

In order to access the website's content you must provide login info (which I obviously cannot provide publicly).

Through my research so far:

  • They have their web server hidden, but I'm assuming its an Apache (Red Hat) version because of some other research I've done and previous un-hidden webserver reports from netcraft.com
  • The OS is some sort of Cisco OS (not familiar with that)
  • nameserver: extns1.clemson.edu

SITE SECURITY

  • Public key algorithm: rsaEncryption (2048 length)
  • Signature algorithm: sha1WithRSAEncryption
  • Serial #: 0x3b0c111b8475c6105582db4c5838f1fe
  • Cypher: RC4-MD5
  • Version #: 0x02
  • POTENTIAL VULN

---TLS renegotiation RFC 5746

SITE'S TECHNOLOGY
{server side}

  • SSL
  • Java Servlet

{client side}

  • Javescript

{HTML compression}

  • gzip

Info gathered from NMAP so far:

---1xx.1xx.2xx.1xx (site's IP)
--- netrange: 1xx.1xx.0.0 - 1xx.1xx.255.255

Some info from NMAPs "comprehensive scan"

TRACEROUTE (using port 1720/tcp)

HOP RTT ADDRESS

1) 12.00 ms homeportal (192.168.1.XXX)

2) 39.00 ms 1XX.1XX.1XX.XXX <--(That's me)

3) 39.00 ms 99.168.141.24

4) 39.00 ms 99.168.141.14

5) ...

6) 36.00 ms 72.157.40.146

7) 52.00 ms 12.81.44.64

8) 52.00 ms 12.81.44.55

9) 45.00 ms 12.81.104.178

10) 45.00 ms 12.81.34.1

11) 39.00 ms 12.81.105.99

12) 37.00 ms 12.81.46.63

13) 41.00 ms 12.81.56.4

14) 38.00 ms 12.81.56.17

15) 44.00 ms 74.175.192.58

16) 54.00 ms cr2.rlgnc.ip.att.net (12.123.152.110)

17) 53.00 ms cr1.wswdc.ip.att.net (12.122.3.170)

18) 49.00 ms wswdc03jt.ip.att.net (12.122.220.245)

19) 50.00 ms 192.205.32.30

20) ...

21) 50.00 ms 63-235-84-22.dia.static.qwest.net (63.235.84.22)

22) 51.00 ms 205-186-62-2.generic.c-light.net (205.186.62.2)

23) 50.00 ms xxxxx.xxxxxxx.edu (1xx.1xx.2xx.1xx) <-- (IP of Interest)

This is ALL obviously for research/educational purposes and would never be used to cheat/steal any proprietary information nor breach the Academic Integrity Policy set forth by the University. The information I am requesting is not for me, nor did I do the research in order to find said information, but am simply posting on the behalf of a curious party incapable of using the internet or any technology used and/or mentioned throughout this post. The curious party is mute, deaf, and blind and I am providing this service on their behalf. Any resulting illicit activity is purely coincidental and did not arise from any such inquiries posted on this website

Still interested in some insight from the more worthy individuals. I know you're out there...I would appreciate the guidance as I wonder into the wonderful world of grey.

Your post have a lot of information , Tks.
I don't know anything without your post here.

Hidren:

Some of the information uncovered cannot be divulged publicly due to the risk of it falling into the wrong hands. However, the information is always out there, you just have to look (and have patience).

Share Your Thoughts

  • Hot
  • Active