Full Version: Colleges Exposed
BeNiNuK
Colleges Exposed

OK, today I was sat in the library with nothing to do, so I decided I would write a tutorial on how to exploit your college's network system and try to gain administrative rights, run programs under administrative rights, learn to use batch files to help you, and find information you might need about the college's system. Personally I do not use this against my college to damage them, but I use it so I can do my work at home, so I have installed several GUI backdoors so I can access my work whenever I need it to help me get through my GNVQ Intermediate ICT course. OK, let's start off the tutorial with some basic information.

This tutorial will teach you how to:

1. Run command.com with administrative rights
2. Use MSN Messenger in college without installing anything

OK, so let's get going. In our 1st step we will be learning how to use command.com with full administrative rights to allow you to add users / delete users on ur workstation. PLEASE NOTE we do not accept responsibility for anything that happens to YOU. OK, simply press Ctrl, Alt and Delete, click Task Manager, then click File, then choose New Task, then type command.com. OK, sure, command.com will open, but one problem: your college network technicians will have logged what you have run. So that's not really good if you want to do something undetected, so here we go. For this step u need Visual Basic (any version will do); most colleges have this installed on 99% of their PCs. OK, so simply open up Visual Basic, then choose basic standalone executable, then a little grey form will appear. Simply double-click this form; a little white box with a load of stuff in it will come up. Simply replace the On Load event with this:

' This Is Open Source Code
' Coded By MiS5iON
' For GSO

Private Sub Form_Load()
Shell "C:\winnt\system32\command.com"
End Sub

OK, replace the old stuff and put that in, now simply run the program and, oops, what pops up? A little command prompt box. Now simply issue ur commands and ur away! Enjoy.

OK, tutorial number 2 is a little different, but I know this one is a killer for everyone. This one is very simple: go to a free DNS provider (in this tutorial I will use http://freedns.afraid.org), so all you do is simply make yourname.freedns.com and point it to http://e-messenger.net, because e-messenger is blocked by your default college firewall, so ur away, login n chat. Btw, don't forget to add beninuk@gmail.com to ur list!

Have fun and enjoy

BeNiNuK
(MiS5iON)
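
Seen from the filtering side, the alias in tutorial 2 only gets through when the web filter compares the requested hostname with its blocklist and never looks at where that name resolves. The following is an added example, not part of the original post: a Python check that follows the CNAME chain and also compares the final addresses. The zone data, the alias names and the function names are constructed for illustration, and the dictionary stands in for a real resolver.

```python
# Added example: blocklist check that follows DNS aliases.
# All records below are constructed sample data (documentation IP ranges).
BLOCKED_DOMAINS = {"e-messenger.net"}

# name -> ("CNAME", target) or ("A", [addresses]); stands in for a resolver.
SAMPLE_ZONE = {
    "e-messenger.net": ("A", ["203.0.113.10"]),
    "www.e-messenger.net": ("CNAME", "e-messenger.net"),
    "yourname.alias.example": ("CNAME", "www.e-messenger.net"),
    "direct.alias.example": ("A", ["203.0.113.10"]),  # copied A record, no CNAME
    "library.college.example": ("A", ["198.51.100.7"]),
    "loop-a.example": ("CNAME", "loop-b.example"),
    "loop-b.example": ("CNAME", "loop-a.example"),
}

def in_blocked_domain(name):
    """True if name is a blocked domain or a subdomain of one."""
    name = name.rstrip(".").lower()
    return any(name == d or name.endswith("." + d) for d in BLOCKED_DOMAINS)

def resolve_chain(name, zone, max_depth=8):
    """Return (names visited, final addresses); stop on loops or long chains."""
    seen, addrs = [], []
    name = name.rstrip(".").lower()
    while name not in seen and len(seen) < max_depth:
        seen.append(name)
        rtype, value = zone.get(name, ("A", []))
        if rtype == "A":
            addrs = value
            break
        name = value.rstrip(".").lower()
    return seen, addrs

def verdict(hostname, zone=SAMPLE_ZONE):
    """Return (blocked?, reason) for a requested hostname."""
    if in_blocked_domain(hostname):
        return True, "hostname on blocklist"
    chain, addrs = resolve_chain(hostname, zone)
    for hop in chain[1:]:
        if in_blocked_domain(hop):
            return True, "CNAME chain reaches " + hop
    # Addresses the blocked domains themselves resolve to.
    blocked_ips = {ip for d in BLOCKED_DOMAINS for ip in resolve_chain(d, zone)[1]}
    if blocked_ips & set(addrs):
        return True, "resolves to a blocked address"
    if not addrs:
        return True, "unresolvable or looping chain"  # fail closed
    return False, "allowed"
```

The address comparison will also block unrelated sites that share an IP with a blocked one, so on shared hosting it is better used for alerting than for hard blocking.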

Aicd
nice tut man :) keep up the good work.
phase
How does this open a command with admin rights?
Faceless Master
Yeah..!!!
I have read this somewhere else too..
Anyhow..nice
~Regards
FM
passi
LOL you are a funny guy :)

I know the problem, accessing the command prompt is hard but not impossible. Anyway, it's simpler than you explained :>

I sat on a PC in my school with Novell client. I wanted to get into the command prompt but there was no "Run..." in the Start menu, Ctrl+Alt+Del was disabled... but no one does own passiw! not even a gay novell client:

1- right-click on desktop -> new shortcut
2- destination: cmd.exe or command.com
3- double-click ya shortcut :>

Here we are. You have no admin rights, but your 3-line VB code does not gain admin rights, too :P this is (sorry) crap.

Btw: to access the control panel from console in winxp, enter: services.msc

Btw2: Here I disabled the Novell client and rebooted :P Lol, noobs
EXPLOiTED
Yea, what about when your right click is disabled? Huh? What you gonna do then? And you're not getting access to Services.msc, and control panel has nothin to do with it. Stop bashing
||SysTeM||
heh....should see my school...

they use novell..

Run is disabled
right click is disabled
you can do alt, ctrl, & del, and run task manager... But you cannot start new tasks..

You can't browse for the C: drive however you can get to my documents.

you can boot into safe mode of course, but i don't know if that's locked down. the "Bad guy" head tech was walking near, so i had to reboot before i was fully in safe mode.

darn locked down security measures
chris105
Well guys, I feel pretty stupid right now. I got caught today lol!! Been to see the director of studies and my housemaster and gotta see the head and IT technician bloke next week. I laughed my ass off!! None of them know what they are doing.

Anyway, I hope this can help you (don't blame me if you get caught). I have to turn over the source to this next week so it will probably be fixed real soon (on RM anyway).

Oh, one last tip: in Microsoft Word go to Tools --> Macro --> Visual Basic Editor

then type the code above (or declare ShellExecute() if you want to run non-exe files).

I removed the attachment as I realised I had put my full name there. I will modify it (I'm adding a task manager) then reupload it.
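
For whoever administers such a lab, the launches described in the posts above (a command shell started from the VB IDE, from a compiled VB program, or from the Office macro editor) all leave the same trace: a process-creation record whose child is cmd.exe or command.com and whose parent is not a normal system process. The following is an added example, not code from any poster: a Python triage pass over such records. The field names, trusted directory list and sample events are constructed and hypothetical.

```python
# Added example: flag command shells started from Office or the VB IDE.
# Field names (user, parent_image, image) are hypothetical; map them to
# whatever your process-creation logging records.
import ntpath

SHELLS = {"cmd.exe", "command.com"}
MACRO_HOSTS = {"vb6.exe", "winword.exe", "excel.exe", "powerpnt.exe", "frontpg.exe"}
# Assumed install locations that ordinary users cannot write to.
TRUSTED_DIRS = ("c:\\winnt\\", "c:\\windows\\", "c:\\program files\\")

# Constructed sample events, not taken from a real system.
SAMPLE_EVENTS = [
    {"user": "student07", "image": r"C:\winnt\system32\command.com",
     "parent_image": r"C:\Program Files\Microsoft Visual Studio\VB98\VB6.EXE"},
    {"user": "student12", "image": r"C:\WINNT\system32\cmd.exe",
     "parent_image": r"C:\Program Files\Microsoft Office\Office10\WINWORD.EXE"},
    {"user": "student07", "image": r"C:\winnt\system32\command.com",
     "parent_image": r"H:\My Documents\Project1.exe"},
    {"user": "tech01", "image": r"C:\WINNT\system32\cmd.exe",
     "parent_image": r"C:\WINNT\explorer.exe"},
    {"user": "student12", "image": r"C:\Program Files\Internet Explorer\iexplore.exe",
     "parent_image": r"C:\Program Files\Microsoft Office\Office10\WINWORD.EXE"},
]

def classify(event):
    """Return a finding string, or None when the event looks routine."""
    if ntpath.basename(event["image"]).lower() not in SHELLS:
        return None
    parent_path = event["parent_image"].lower()
    parent = ntpath.basename(parent_path)
    if parent in MACRO_HOSTS:
        return "shell spawned by macro/IDE host " + parent
    if not parent_path.startswith(TRUSTED_DIRS):
        return "shell spawned by binary outside trusted dirs: " + parent
    return None

def findings(events):
    """List (user, finding) for every event that classify() flags."""
    results = []
    for event in events:
        finding = classify(event)
        if finding:
            results.append((event["user"], finding))
    return results
```

A shell opened from a desktop shortcut has explorer.exe as its parent and passes these rules, so the check complements, and does not replace, an execution policy that denies the shell binaries to student accounts.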
manaox2
Anyone have a clue as to what the attached birun.exe in the last post is? I'm getting a little curious. Good tip though!
ssj4conejo
a nice tip is to simply after gaining a shell use one of the many exploits out, (if the boxes are 2k,xp or whatever is exploitable). A faster tip to exploit unpatched 2k/xp boxes is to host an ftp or web server somewhere, or maybe even send it to an e-mail. The whole point is to run the file from the site (saving it to temp) and it should execute fine, some good exploits are the Utility Manager exploits , both 1 and 2 depending on how patched the box is, those will give you a shell with SYSTEM rights. if all else fails and no one is watching get the sam and have phun.
chris105
birun is just a VERY simple My Computer-like program I made. One word of warning: today I got suspended for using it!! I'm not (filtered) joking. They think giving me a long weekend (and then telling me that it doesn't even go on my record cos it's not a serious offence) is a punishment!!

1. I get 2 days off (I have Saturday school usually (but not this week))
2. I'm gonna devote all that time to making more hacking tools ...

So use it, have fun. USE IT AT YOUR OWN RISK THOUGH. Remember, if you're smarter than the admin, he's scared of you so he's gonna be out to get you and will be watching you.
Digital_Spirit


Well, if you cannot start a new process, simply hijack the memory of another
process such as explorer.exe. The shell command simply calls commands
from the application layer as opposed to the user interface, therefore it will
have a tiny bit more authority than a regular user. Your best bet is to look for
Visual Basic or a C++ compiler on the machine, then simply execute command
in a preview mode as opposed to making an .exe and executing it. You could also
use the .job task scheduler exploit to create a .job that either binds a shell, or calls
command.com, this is only if they are not patched to MS04-022. If they are not patched,
the file will run the second it is on the machine, you will not have to open it. You could
also use the little Jpeg flaw if they haven't patched it. There are many ways to get in,
you just have to know their technology better than you know the back of your own hand.

||SysTeM||
We don't have VC on the machines, all that is there is microsoft office 2002? and frontpage.
Digital_Spirit


Then use VBA, it will work just the same, it is built in to Office
chris105
I have said that to so many people but no one listens!!
Digital_Spirit
Well, due to the Forum rules, I cannot go into great detail, but MIT is still
vulnerable.

The organizations that you would expect to be the most secure are usually
the opposite. 4 months ago 4 XSS and 3 Php Include exploits were found
in Washington.edu. I am still aware of a couple XSS points in NASA.
RIAA has one that is so freaking obvious it is pathetic. 100% unsanitized
variables. Most of the passwd files with the hashes are found on .edu's
in my experience. Everything has a flaw, it is the job of a security professional
to locate and patch that weakness and/or take advantage of it.


Lamer: One who uses attacks such as Ddos or anything else that only involves
entering an IP and pushing a button. Also, the only one that uses the
term l337.

Claimer: One who tries to take credit for someone else's code, or claims that he
can do things such as hacking the CIA mainframe but cannot prove it.

Skiddie: One who relies solely on using the tools and exploits made by other
REAL professionals, and never uses their own knowledge.

Noob: Often confused with lamer, a noob is different. A noob is merely someone
willing to learn and earn their respect the right way.

Pro: One who can back up what he/she speaks, but doesn't brag about it. This
person knows their skill, and puts it to use. These are the people that find
the buffer overflows and other exploits. They are the ones that lamers and
claimers try to imitate. They are the real "Security Gurus". They do not rely
on what they have been told as much as what they already know. This
person has mastered a technology so well that he or she has become
smarter than the technology and can outwit it. Hats off to the pros.

Before you ask, I am not going to release any of the info I mentioned above.
khrapy
Does birun.exe actually run exe's with administrative privileges? How does it work? I don't understand, because when I run say a txt file, it opens it up in my window... even if I'm logged in a guest account. Maybe I'm just looking at this all wrong
roto
you can just make a link in a word document to cmd.exe or command.com or whatever program u want to run, then just click it :P

convenient if you're not always on the same machine because u can just save your .doc :)
chris105
OK, the reason I built this program was for home use, but then when I took it onto a network at school I found that it could access all of the shares for the staff. This is when I got caught. I would love more info on how far it can go. Anyone after the source then I will probably post it at some stage (it's in VB), I just don't want to have it fixed before it's even started working.
BeNiNuK
i found a new way to view C:\ with gui: just simply make a shortcut to C:\ and ur buzzin ;)
Daume
All good ideas in here :)

@BeNiNuK

yours works fine, on our campus computers, just tried it.

we have no run, no ctrl+alt+del , the shortcut to cmd and command.com are locked .. due to admin rights .. lol


this is fun =)
-ZeroX-
QUOTE(BeNiNuK @ Sep 22 2004, 05:35 AM)
...
bla
...

OK, tutorial number 2 is a little different, but I know this one is a killer for everyone. This one is very simple: go to a free DNS provider (in this tutorial I will use http://freedns.afraid.org), so all you do is simply make yourname.freedns.com and point it to http://e-messenger.net, because e-messenger is blocked by your default college firewall, so ur away, login n chat. Btw, don't forget to add beninuk@gmail.com to ur list!

Have fun and enjoy

BeNiNuK
(MiS5iON)


maybe hxxp://webmessenger.msn.com isn't blocked yet
and here are 2 (very popular) other free DNS providers:
hxxp://www.no-ip.com/
hxxp://www.dyndns.org/

for the rest.. I don't have much time to mess @ skool with the PCs but I know I can't write to the C:\ drive :(
but the D:\ works fine :)
nicolas9510
I'm in a high school and I use MSN without installing or doing anything:
http://www.msn2go.com
very easy to use
never had restriction problems on it ^^