Forum Thread: What Should I Do?

What Should I Do?

So i have gained access to an administrator account and access to all the student info for my school. I know that i should tell the administrators how i did it to help them protect the system, but people at the school have had all computer access removed because they ran ubuntu from a memory stick. I amworried that i will be punished severely if i own up because i have been accessing sensitive information.

What should i do?

Step 1:

11 Responses

You should walk around in circles, then do groceries after that install gentoo.

How about you suggest that it is a theoretical vulnerability you have stumbled upon, and omit your proof of concept.

Your school seems a bit far out - sounds like they're genuinely scared of people with computing knowledge. If i were you i would disclose it to them anonymously somehow, and if they fail to patch it or disregard it as a jokester, show them the hard way. Punish them. To me it sounds like they deserve it.

Hard to judge from a post like this though. Take careful steps, and if you do decide to disclose the vulnerability to them anonymously, via a letter or mail, make sure that there is no way for them to trace it back to you.

I don't think going ham on government property is the wisest choice, but hey, it's your life. Do whatever you want.

You're right, int 3h. We should go turkey instead.

Probably best to stay away from Turkey for the time being.

Use an online email spoofer after connecting to a VPN, then send an ambiguous email that does not reveal anything about your personality or such.

I'm working on a PoC for my school for a flaw in their password policy and will likely do the same, unless I'm confident that they will appeciate it.

Ask the administrators if you can try to perform a penetration test as it's something you are passionate about and have been teaching yourself in your own time. Tell them that it would be purely for educational purposes.

Generally they should be okay with that.

Then wait a week or so, and reveal your findings.

ghost_

can you backdoor the system so you can remotely access it? that way you can set up a file server that will stream porn to your whole school while your on spring break.

Depends on how much you care about that.
If you do, reveal it to them anonymously or personally, depending on how they'd react.

If you don't, and if you're scared from logs, say that you just came upon it by chance, or by mistake, and it should go fine enough.

If you don't care at all, go and make yourself a cup of cold coffee, and take some chocolate flavour biscuits with it. They're tasty together. Or you might prefer to do some moderate to intensive exercise, or doing that work you've been procrastinatinating. Try meditation. But just don't boast about your findings as long as you'd have toworry about it later.

~Chaos

Share Your Thoughts

  • Hot
  • Active