How To: Bypassing School Security (White-Hat)

While following a tutorial on Python recon tools, I found a new way to access the command prompt on a school network. While there are other ways of bypassing security, it's nice to learn to use Python's OS library.

Simply use the following code:
import os
cmd = input("Command: ")
run = os.popen(cmd)
result = str(run.read())
print(result)

Got any modifications or found an error with my post? Let me know.

Note: If this works on your network, I suggest alerting your admin like the good white hat you are.

12 Comments

Neat workaround. Just a quick note to all Python 2.x users, the 2nd line would need to be changed to:
cmd = raw_input("Command: ")

TRT

Also, print is not a function.

A word of warning. It is highly recommended to use subprocess.Popen() instead of the OS module.

-Defalt

I'm currently debugging it. Thanks for the tip.

For this short script it really isn't a big deal. But overall I do agree, and for those of you who want to know why that is, someone has already explained it.

TRT

I'm a bit curious as to why os.popen() would not be recommended..
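On the os.popen() versus subprocess question raised in the comments above, here is an added example (not code from the original post or from any commenter) showing the practical difference: os.popen() hands a single string to the system shell, while subprocess with an argument list starts the program directly. The names CHILD, SAMPLE, via_os_popen and via_subprocess are made up for this illustration, and the input string is constructed.

```python
import os
import subprocess
import sys

# Child program that only reports the arguments it actually received.
CHILD = "import sys; print(sys.argv[1:])"

# Command separator of the shell os.popen() uses on this platform
# (cmd.exe on Windows, /bin/sh elsewhere).
SEP = "&" if os.name == "nt" else ";"

# Constructed input: a file name followed by a second shell command.
SAMPLE = f"report.txt {SEP} echo INJECTED"


def via_os_popen(arg):
    """os.popen() passes one string to the shell, so the shell parses
    `arg` and treats everything after the separator as a new command."""
    with os.popen(f'"{sys.executable}" -c "{CHILD}" {arg}') as pipe:
        return pipe.read().splitlines()


def via_subprocess(arg, timeout=10):
    """An argument list with shell=False (the default) is handed to the
    program directly, so `arg` arrives as one literal argument. check=True
    raises on a non-zero exit and timeout stops a hung child."""
    done = subprocess.run(
        [sys.executable, "-c", CHILD, arg],
        capture_output=True, text=True, timeout=timeout, check=True,
    )
    return done.stdout.splitlines()


if __name__ == "__main__":
    # Two lines come back: the child saw only 'report.txt', then the
    # shell ran the extra echo command.
    print("os.popen  :", via_os_popen(SAMPLE))
    # One line comes back: the whole string was a single argument.
    print("subprocess:", via_subprocess(SAMPLE))
```

Any script that builds a command string from untrusted input and passes it to os.popen(), os.system() or subprocess with shell=True has the first behaviour.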

Have you tried it when CMD is locked out by sysadmin through regedit? Does it still work? Just curious.

@JackSea, what if said school admins have blocked the computers being allowed to run Python or Batch files? (along with hiding regedit)

My school can't simply because they have too many automated processes running and need batch files.

You could probably just resort to the old tactic of plugging in a bootable USB. There is always going to be a vulnerability in any network, you just have to find it.

Doesn't that have something to do with Firmware? Since the admins can't change anything in firmware?

I remember a friend of mine talking something about USBs bypassing the security a while ago, but never remembered what he said..

or use system in c/c++ and compile it beforehand

Wish I had read more on the forum before I went on screwing around on my school laptop... But also, do you know anything about how to get into the BIOS on a school laptop? I have got local administrator rights.

Managed to screw up Windows files a few days back, and need the BIOS to recover. So that administrators at school won't notice I did this (hopefully). Also, if the school PC is domain controlled, do you perhaps know how I could sniff the laptop for passwords from domain administrators that have connected to the laptop via remote? I found a log stating an administrator was connected via Remote in late 2015, but the problem is I can't find the username for the connection.
