Forum Thread: Hacking into a Unix School Server

Sorry for seeming like a complete newbie. I was looking at a tutorial on how to get access to a school's exams. I figured out with xprobe2 that it is running HP UX 11.0x. I was wondering if anyone could explain how I could find the exploit for this Unix version? I've looked at other tutorials but they involve using Backtrack and I'm using Kali and I couldn't really figure it out.

22 Responses

Using Backtrack or Kali doesn't change anything. You can use any Linux distro the only thing you have to do is to download the right exploit and exploit it correctly, which means understanding what you do, including breaking laws.

I was referring to that tutorial but it refers to Windows 7 server. I did more recon on the school server and found it runs Solaris 10. I'm just trying to figure out how I can find the exploit for the system like the one used in the tutorial

Jane:

Open the Metasploit console and type;

msf > search type:exploit platform:solaris

That will find all the Solaris exploits in Metasploit.

OTW

Thank you so much! There are a lot of exploits. Would there be a particular one I'm looking for? Actually, the same directory /exploit/windows/smb/ms08067netapi from part 1 of the tutorial is also on the list of exploits. Would that work the same way?

No, that won't work. That is strictly a windows exploit.

Jane:

If I were you and new to hacking, I would be very careful. A lack of experience and skill will likely lead to your being detected and caught.

OTW

Is there a way to find an exploit that would work on this server?

Greetings, IMO with out foot printing this network I would go for a reverse shell if I'm inside the switch perimeter.
Maybe sit on network as rouge AP try to MITM for credentials.
Maybe subterfuge it a little, Or ponit the nuke Msf at it.
Maybe check banners to see if open in another spot. So many different ways really.
Don't know would need to be there to see..

I Agree 100% with OTW you will probably get rammed for doing this without planning and info

You mean I would need to be connected to the network to figure it out?

Oh ok so we are talking Controllers, Switches, APs, IT Dept, Server Farm, Cisco Fire Walls etc... No Problem. You need to drop a pineapple in the switch room.

In all realness you can do what you want you just need to do it in a way wont have Homeland kicking in your dorm room door.

Lol, I commute so I'm pretty far from the actual campus. Sorry for being a noob but what does that mean?

Jane:

We really don't have enough info to tell what exploit will work, but have you checked out my Linux hack? There is a Solaris version of this exploit and depending upon the age and patch history of the server, it may work.

I will once again warn you that without some practice and skill, you are likely to be caught.

OTW

JANE DOE

I would advice you not to try anything if you are not sure what you are doing......you will get caught.

EVIL GENIOUS

I understand. If I am connected to a vpn server instead of a home server when doing this, are the chances of being caught reduced? Or are they still equal?

I was looking at this forum post

https://null-byte.wonderhowto.com/forum/hack-school-server-0149483/

However my school runs Blackboard and its main server on completely different systems. Would it be possible to get into Blackboard to access an account?

Wow I can't believe so many people are answering this post.

Jane, if you have to ask the questions your asking then basically you cant do it. If you knew what you were doing you would be asking questions such as, hey guys how come this is not working its a such and such and this and that and according to my information it should work.

it doesn't matter how you get in the system at the stage you appear to be they can track you.

edited:

Also not to mention its a school system, how many students do you think try to hack them every year. Do you not think this would be a difficult first project for you since they have had years to tighten their security?

Jane Doe:

As Jon Masters said, you clearly don't have the experience or knowledge to be able to do this effectively. Don't attempt it, you will be found out and face expulsion.

However, the choice is purely yours.

ghost_

I have to say something else,

I watch allot of forums and questions like hers are popping up all over the place, from what I understand it common this time of year. And in each forum they ask the same questions as above. They don't know what they are doing and want others to do it for them.

Here is what bothers me, not only do they get grades that have to be hacked because they will not apply themselves to their studies, they ask hackers to do their hacking for them. Again not applying themselves.

I could understand getting bad grades because your learning hacking and using your new skills to get better grades, but i can't understand, not knowing your lessons and not knowing hacking. Means your not applying yourself to anything but having fun.

Jon Masters:

Which is why I don't help them. I feel like it's the general instant gratification mentality people have and that aggravates me.

The other thing is how they think this will help them. I daresay there are physical copies of results floating around, so lecturers will likely see their 'results' and look into it. It's not just a digital format they're trying to fool, they're trying to get it past people who will use good old fashioned detective work to get an answer.

In any case, I don't understand why they think it will get them anywhere. I mean, there's literally nothing in it for me and I don't care if they get bad grades.

But I digress.

ghost_

Jon Masters

true

Evil Genious

Lol i dunno GHOST_ I do like bitcoins

Share Your Thoughts

  • Hot
  • Active