This is general information on high school security. This small guide is intended for newbies. If you're not a newbie and don't feel like wasting your time, then stop reading now.
You need information, so here it is. You would like to test the security at your high school. Here are a few tips.
1. Try getting external access through telnet (Good luck here because very few schools are connected in this way (through the internet) because of security issues. However, this will most likely not work. Although, as time progresses, expect this method to become more common. But not yet. On to #2).
2. War dial to find the dialup phone # to the school's computer. I have done this before and successfully found the dialup to an elementary school and some sort of network system that had a real shitty prompt whenever you dialed it up. Something like ABC2300. Once I cracked the password to this prompt, the access level seemed like it went one step higher and the prompt turned into ABC2300#. A number sign showed up at the end of the prompt. I am just telling you what I know from my own experiences with this sort of thing. I have not been able to hack into the school server yet because whenever I dial the number to get access to the prompt, I will try to login to a server using the login command (I forget what that command is), but I get a shitty error saying "No server currently available" or something like that. Cracking the password to this type of prompt was a snap. I actuallly guessed it on the second try. Such a password to a dialup of this kind can be either very obvious or extremely difficult. It all depends on how secure the admins/idiots want their information.
2a. If you have found a dialup that you think is the correct computer system, then try a logging in and see how many tries you get and what system keeps tracks of logging in. Look for any default or non-password protected accounts, etc. If you can do this late at night, then do it. Many admins are not awake. You get the idea. A good way of deducing if you have found the correct phone number or not is to look at the last three digits. If the school's main number is something like 555-5000, and you have found a computer with the number of 555-5123, then there is a good possibility that the 555-5123 number might be the correct one. Obviously, you would see that they have the same extensions. Use common sense with this sort of thing (saying this detailed crap is really only for newbies).
3. Scan with a logical dialmask. If you have never scanned before, then you have a lot of work to do. So as soon as you are done reading this section, get to work! This kind of shit takes time! If you're lucky, you can scan an entire prefix (a prefix being the first three digits of a seven digit telephone number)in a month or less. You can only do it in a month or less if you run a war dialer something like eight hours a day every week day.
Start the scan with 555-5XXX if the school's voice line is 555-5000.
555-5XXX is 1,000 numbers dialed.
If you were to scan 555-XXXX, that's 10,000 numbers dialed.
I think you should be getting the idea by now. Scanning can be tricky. Sometimes the phone company doesn't allow it, so be careful. (If you don't know what scanning is, then you are obviously a newbie. Scanning is dialing SEVERAL phone numbers to find computer modem dialups. There are computer programs that do this. Wouldn't it suck if you had to dial all those numbers yourself? I have what I think is the best scanning program. I did not write this scanning program. The program is called THC-SCAN. You can get it off of THC's site or you can get it from my home page.
4. What do you do before and after you scan telephone numbers? You need to get your own phone line. Kids, if you are thinking of using your parents phone line, DON'T! Why? Let's say you dial 3 hundred numbers in a scanning session. Afterwards, the phone number you dialed from is on 3 hundred caller ID's. People will call you back asking you why you hung up on them. If you don't screen all those return calls, then your parents will. Naturally, your parents will ask you what you've been doing with the phone. Looks like you're busted. If you want to use your parent's phone line, then take precautions. For example, unplug all the phones in the house or turn the ringers off. If your parents happen to be going out of town for a week, then scan for the first three days they are gone and then relax the next four days. This way you have time to screen all the paranoid idiots whom you have called with the modem and hung up on. People are very stupid when it comes to this. They see you on their caller ID and wonder who from that number might have been calling them. Believe it or not they will actually call back and ask something like, "Did someone call for me from this number?" This has happened to me before and when it does I always tell these curious people that they have the wrong number. Then I hang up on them. They will usually call back and try to talk to you again. At this point you can say something like, "Who is this? I don't have time for these games." Then you spit out their phone number from your caller ID and if you're eccentric enough you even threaten to report them to the police because they are making prank calls. It helps if you raise your voice, too. Right after you tell them something like, "Stop prank calling me!", hang up on them. They usually don't call back after that. But if they do, just let it ring. If they call again after that, then this time pick up the phone and say something like, "It's not funny anymore. Please stop. Don't make me take legal action." Another strategy to use is pretend like you are a telemarketer. When they call you back wondering who was calling them, tell them your name is Bob and that you would like to sell them a lawnmower. The best strategy to use is call a phone number you know doesn't work and record the automated operator saying something to the effect of "I'm sorry, the number you have reached has been disconnected." Once you have recorded that message, put it on your answering machine. When people call you, they will hear "I'm sorry, the number you have reached has been disconnected." I think you get the idea. Just be careful. Another thing to take into consideration is to make sure you don't dial your local police department or other government agencies. By the way, I thought I would include these tips for scanning because I have been busted by my parents before.
Another technique for access to a phone line that needs to be mentioned is something called beige boxing. This is basically using someone else's phone line to do your wardialing. For instructions on how to build and use a beige box, click here.
5. Know the system. This is very crucial to the hack. If you know the system and how it works and how it doesn't work security wise, then you can hack inside, no problem.
5a. Many intermediate schools, high schools and universities love to use NOVELL networks to run their computer classes/labs as well as keeping student records. A common database system the intermediate schools and high schools use is SASI. Many of them use this. This SASI software is NOVELL compatible and IS vulnerable to a hack. If you have a four digit id and a six digit id that was given to you, then chances are your school is using SASI, but otherwise you're on your own. SASI is my only experience when it comes to hacking student records. It's how I was able to retrieve every principal's and teacher's social security number in my high school. If you know of a school using SASI, then download The Unofficial SASI Hack Guide and you can read how to do the same things I have done. Things like getting all those juicy social security numbers, getting every students phone number, getting certain addresses of certain people and, of course, changing your grades! By the way, almost no universities use SASI. There is only one I know of that does. That would be the University of Wisconsin in Milwaukee. I am currently working on university databases. Stay tuned.
5b. If it so happens that they are using NOVELL networks in the computer labs, then chances are you can access the server with student records on it. (This is how I did it in my senior year of high school. I have since graduated. Guess why. I had to do this with my teacher in the class room. I do not recommend doing it this way. If you can think of another way in, then by all means, do that instead of what I did. I was almost caught several times. Sitting in a computer lab, in a high school, with a teacher in the room that walks by your workstation every now and then is not the way to go. I must admit though, my balls are bigger because I got away with it under those conditions!) If they are using NOVELL, then get the Hacking Novell Netware FAQ by Simple Nomad (Simple Nomad, if you are reading this, thank you). Because, of course, getting access to the server requires breaking into it. The odds of your school running NOVELL servers is probably about 80% to 90%. Go find out.
Until you know more, don't bother me with newbie questions.
Happy Hacking,
m2mike
The return address should be m2mike@yahoo.com. Let me know how things are going. But do not ask me to help. I don't do requests.
This is free information. Please feel free to distribute it.
Anything you can add to this meager guide will be gladly accepted and appreciated. Unofficialy, this is a guide on how to hack a school's computer in order to access student records (and maybe even change some grades). Please send any tips, hints, etc. If you wish to remain anonymous, then say so. If you would like the credit you deserve, then say so. I hope this has been of some use to you.