So i have gained access to an administrator account and access to all the student info for my school. I know that i should tell the administrators how i did it to help them protect the system, but people at the school have had all computer access removed because they ran ubuntu from a memory stick. I amworried that i will be punished severely if i own up because i have been accessing sensitive information.
What should i do?
Forum Thread:
When My Kali Linux Finishes Installing (It Is Ready to Boot), and When I Try to Boot It All I Get Is a Black Screen.
8
Replies
Forum Thread:
HACK ANDROID with KALI USING PORT FORWARDING(portmap.io)
12
Replies
Forum Thread:
Hydra Syntax Issue Stops After 16 Attempts
2
Replies
Forum Thread:
Hack Instagram Account Using BruteForce
208
Replies
Forum Thread:
Metasploit reverse_tcp Handler Problem
47
Replies
Forum Thread:
How to Train to Be an IT Security Professional (Ethical Hacker)
22
Replies
Metasploit Error:
Handler Failed to Bind
41
Replies
Forum Thread:
How to Hack Android Phone Using Same Wifi
21
Replies
How to:
HACK Android Device with TermuX on Android | Part #1 - Over the Internet [Ultimate Guide]
177
Replies
How to:
Crack Instagram Passwords Using Instainsane
36
Replies
Forum Thread:
How to Hack an Android Device Remotely, to Gain Acces to Gmail, Facebook, Twitter and More
5
Replies
Forum Thread:
How Many Hackers Have Played Watch_Dogs Game Before?
13
Replies
Forum Thread:
How to Hack an Android Device with Only a Ip Adress
55
Replies
How to:
Sign the APK File with Embedded Payload (The Ultimate Guide)
10
Replies
Forum Thread:
How to Run and Install Kali Linux on a Chromebook
18
Replies
Forum Thread:
How to Find Admin Panel Page of a Website?
13
Replies
Forum Thread:
can i run kali lenux in windows 10 without reboting my computer
4
Replies
Forum Thread:
How to Hack School Website
11
Replies
Forum Thread:
Make a Phishing Page for Harvesting Credentials Yourself
8
Replies
Forum Thread:
Creating an Completely Undetectable Executable in Under 15 Minutes!
38
Replies
How To:
Use Burp & FoxyProxy to Easily Switch Between Proxy Settings
How To:
Scan for Vulnerabilities on Any Website Using Nikto
How To:
Find Vulnerable Webcams Across the Globe Using Shodan
How To:
Dox Anyone
How To:
Exploit EternalBlue on Windows Server with Metasploit
How to Hack Wi-Fi:
Stealing Wi-Fi Passwords with an Evil Twin Attack
How To:
Write an XSS Cookie Stealer in JavaScript to Steal Passwords
Rainbow Tables:
How to Create & Use Them to Crack Passwords
How To:
Hack Web Browsers with BeEF to Control Webcams, Phish for Credentials & More
The Hacks of Mr. Robot:
How Elliot & Fsociety Made Their Hack of Evil Corp Untraceable
How To:
Wardrive on an Android Phone to Map Vulnerable Networks
How To:
Gain SSH Access to Servers by Brute-Forcing Credentials
How To:
Brute-Force FTP Credentials & Get Server Access
How To:
Use Kismet to Watch Wi-Fi User Activity Through Walls
How To:
Make Your Own Bad USB
How To:
Hack Apache Tomcat via Malicious WAR File Upload
How To:
Enumerate SMB with Enum4linux & Smbclient
How To:
Perform Advanced Man-in-the-Middle Attacks with Xerosploit
How To:
Buy the Best Wireless Network Adapter for Wi-Fi Hacking in 2019
How To:
Phish for Social Media & Other Account Passwords with BlackEye
11 Responses
You should walk around in circles, then do groceries after that install gentoo.
How about you suggest that it is a theoretical vulnerability you have stumbled upon, and omit your proof of concept.
Your school seems a bit far out - sounds like they're genuinely scared of people with computing knowledge. If i were you i would disclose it to them anonymously somehow, and if they fail to patch it or disregard it as a jokester, show them the hard way. Punish them. To me it sounds like they deserve it.
Hard to judge from a post like this though. Take careful steps, and if you do decide to disclose the vulnerability to them anonymously, via a letter or mail, make sure that there is no way for them to trace it back to you.
I don't think going ham on government property is the wisest choice, but hey, it's your life. Do whatever you want.
You're right, int 3h. We should go turkey instead.
Probably best to stay away from Turkey for the time being.
Use an online email spoofer after connecting to a VPN, then send an ambiguous email that does not reveal anything about your personality or such.
I'm working on a PoC for my school for a flaw in their password policy and will likely do the same, unless I'm confident that they will appeciate it.
Jack has the right idea here.
Ask the administrators if you can try to perform a penetration test as it's something you are passionate about and have been teaching yourself in your own time. Tell them that it would be purely for educational purposes.
Generally they should be okay with that.
Then wait a week or so, and reveal your findings.
ghost_
can you backdoor the system so you can remotely access it? that way you can set up a file server that will stream porn to your whole school while your on spring break.
Depends on how much you care about that.
If you do, reveal it to them anonymously or personally, depending on how they'd react.
If you don't, and if you're scared from logs, say that you just came upon it by chance, or by mistake, and it should go fine enough.
If you don't care at all, go and make yourself a cup of cold coffee, and take some chocolate flavour biscuits with it. They're tasty together. Or you might prefer to do some moderate to intensive exercise, or doing that work you've been procrastinatinating. Try meditation. But just don't boast about your findings as long as you'd have toworry about it later.
~Chaos
Share Your Thoughts