Forum Thread: Hacking Workshop in School

you could make a phising site. trick the judges into typing their password and username to a site. And there you go, the password will be send to your email. It's proberly the esiest social Engineering that i know.

your welcome :)

Long ago, a pentester eavesdropped on a computer in the LAN of the school revealing employees not doing their job.

But I don't think that's the case. Hacking people's mobile as a competition? There won't be much variability, and definetely won't be funny (neither easy, as you know you need to be very highlevel to do that in an innovative way)... Aldo difficult to organize in practice!

You could setup a chain of vulnerabile services (like metasploitable) and see who is faster, adding some levels of difficulty and them at the end ad a conclusione showing all the differenti ways you could compromise the environment. However, you should tell us more about the skill level of your companions.

Personally, I don't like competitions. Try to do something all together, like working on code or presenting each one a differenti topic about hacking.

There are no companions... just me... there are like 5 people in the school that know that kali is an os... and neither of em know about it..

So its just me...

For the mobile... I was thinking just asking them to install the app and tell em that someone can make em install the app via social engeneering...

And yea I like hacker1 idea but we dont have a wifi or internet in school that the principal will let me access so it has to be offline...

CIUFFY yea I see wjat ur saying but considering my school doesnt know really less about these matters .. they r just facebookers....

So something easy and cool maybe wud be really helpful...

And if u cud point me to a tutorial for doing the required... ill be realllyyyyy grateful...

THANK U VERY MUCH... I LOVE THIS COMMUNITY

Glad you are excited about Null Byte ^^"

Are you like, trying to setup a stand and demonstrate hacking to people? Well, there's plenty of stuff vere you could think of.

Look for something easy but impressive! Some tools are built just to demonstrate how easy hacking is, like Subterfuge. Bring some computers and an ap or a mobile with LTE hotspot and show them a MITM, trying to explain techniques, tools, specific terms and security and morale issues.

Just remember that you are helping security awareness to grow, not trying to look cool, so show them how their usual superficial behavior may be harmful for them, that would be impressive ;-)

Yea I know im helping security issues awareness... but trust me if I dont look cool... theyll not listen to me and theyll just be sitting making lame even dirty comments (lol)... and trust me what im saying is true cause ive experienced it around me when I was in workshop...

But for mitm and all u need internet right... but we dont have internet and lte is really slow where my school is... there is like almost no connectivity there...

So ill have to stck to offline... as far as I know right now I can only do a phone hack using payload.... can u tell me anything else can I do?? (Cool wud be helpful but anything helps just fine too :) )

Thank u very much ;);)!!

I thought hacking Bluetooth was something kids like me did years ago on symbian phones? :P

Now serious: does bluetooth hacking still work?

Yes, because it's still working like those days. Too bad still exists.

I like your initiative... as Indian schools need it....

how will be the idea to make some crackers with python or something, if you are saying you have to be offline...
as much I know about your school(from your saying) it must be not-so-high level.....

Cracker hacker.. I dont want to look cool... im just saying that if the things I perform on the stage dont look cool a little bit... the students will not pay even a little attention... thus making the whole idea of the workshop ineffective...

Shadow india and cracker hacker... if u cud point me to some tutorials for the same id be really helpful... or atleast poimt me to a place to start... ill work my way from there.

Thank u for ur help and time!!! ;);)

"The applaude of the artists is more worth to you, than that of the great masses." - Robert Schumann

What we are trying to say is that this is not a game. You don't have to amaze, you have to warn. My best guess is still going for Subterfuge in LAN. But if you have a so not-caring "mass" then praftical exploitation and compromization of a system is too long and requires volounteers.

Most won't even know what a shell is! You are looking for password cracking. You can't appreciate art if you don't know the rules. People are selsfish and will care only If it's about their security and private data.

Still remember your post on Subterfuge. Was like a year ago ....
Time flies.... ah .....

Hacking isn't meant to make you look cool, it even looks boring when movies crack passwords using gemoetric shapes. It's just fun when you know what you're doing.

I think that if you can get a Wireless AP (or a mobile phone with that can become a wifi hotspot, as mine does) connected to the internet, you could make a small wordlist containing it's password, crack it with Wifite (it has colours, amazing!), and then start capturing traffic with Wireshark.

Then, use another computer connected to that network to navigate to some unencrypted URLs, then stop the capture, File > Export Objects > HTTP, save all the objects, and then show them how easily someone could see what they're doing if they're not using a VPN, at least.

Is that the kind of show you'd like to show them?

Or try to strip HTTPS with SSLStrip+/2 to show that "secure" isn't that secure (doesn't always work anyway).

" 'Secure' isn't in my vocabulary." - Random person who's name I forgot.

I totally get what ur saying.. I myself dont want to look cool... what im saying is that if it doesnt amaze then... they wont pay attention... and if they wont pay attention.. then their is no point even in doing the workshops right??

What I want to show them is real basic... like if u sit in a cafe and use wifi ur vulnerable... if u open links and install apps from unknown source ur vulnerable... tell em a little about social engeneering consequences...

After reading ur suggestions.. what ive finalized is -

1. I will ask a teacher or judge or student to run the app assuming that he thinks he's legit... and then show em that I can snap a pic or record or anything...

I know about this stuff

2. Ill show em some examples of pages for phishing and ask em which one wud u click... then ill show em a facebook login and show them their password..

This one I dont know how to do so and need help :)

3. I will make my laptop an ap and get some data from them..

I dont know how to do this too and need help for this ;)

THANK U ALL FOR UR TIME ;);) !!

I have made a tutorial just for the social engineering part you need help with. It will help you do exactly as you want. As for making your laptop an access point, you'll want to use Mana or Arial to create an evil twin. (Spoilers...)

Thank u everyone!! I love u all!!!
Really appreciate all of ur help!!

Yea lol im not gonna breach the school... Im not that advanced and their is nothing to breach in the school lool...
So ill setup a projector and my laptop with kali...
Hack a phone... show a fake fb page... hack phone again with twin ap...
Voila!!

Thank u all!!

cracker... thank you so much... I needed that tut... on social engineering

You're welcome! :)