Where I was at school a while back (no, not very long ago - a few months), they used an internet filter aswell as the very secure MS ISA server.
[If anyone want to know about breaking/securing ISA, i'm quite prepared to help, however... I can't really be bothered right now to write a tutorial]
They used Surf Control's "Super Scout" to scan every URL that was passed through the ISA server and block anything that contained 'interesting' hostnames. Now over the years, I descovered various methods for circumnavigating these restrictions. Perhaps the most simple one, is to replace the URL's hostname with it's equivalent IP address. - Stupid as it may sound, Super Scout did not contain a database of malicious/inapproprate IPs, only hostnames.
[Can't resolve the hostame? - Use "ping"... or failing that, i've attatched "resolve.exe". (A further note, if your ISA blocks ICMP traffic - mine did! - you can resolve IPs online: IP to DNS convertor]
Another method to avoid the proxy is just to find an online CGI proxy that is not blocked - these are always popping up, and the admin team are going to find it very difficult to keep tabs on them all.
Once you've got bored of all of that, it might begin to interest you in what everyone else is looking at onlie! - It can provide some quite juicy gossip
The Super Scout progam will run on the school's ISA server, or what ever other internet traffic router they are using, and operates with an HTTP server on port 8888 that enables uses to view Super Scout's "personal" files - this can be accessed by anyone on the local network.
Ok, so a quick browse to:
http://<target>:8888
...will show all of the files in the Super Scout directory on that computer.
However (and this is where things get a little more interesting..
) the web-server is vulnerable to "directory traversal" and therefore:http://<target>:8888/../../../../
(you may have to alter the number of "/.." to get the results) ...will show you the C:\ of the school's internet router. A few clicks later, and you've fully explored the computer, including what's on Admin's desktop
. But after a few minutes, it's a little dull, I mean... This stuff just isn't juicy.Well (in my case) the ISA server kept a log of all the sites that the router visited with a log of which local network user requested it, and at what time. The files were kept in the MSISA directory and in the following .log format: "WEDEXTD20030901". All one needed to do, was download the 100mb-ish file, rename it as a .txt and open it with MS Access or Ms Excel (Excel can only open a max of 12mb-ish, so you'd have to split the file).
After a few days of intriguing finds of people on less than flattering websites, I hit the jackpot: A teacher! - I'll leave the rest to your immagintion...
Warning: I do not advise anyone to actually reproduce this, you do not want to know!
(Aas always, I am in no way endorsing any illegal activity, meerly expressing an interest in computer security, and hoping to share my opinions and discoveries with equally interested and intelligent people.)
-Not sure if any of this will be usefull,
agamemnon
