Alistair Wood, I Make Weapons at My Own Shop.
Répondu il y a 9w · L'auteur dispose de réponses 85 et de vues de réponses 281k
I hacked my school.
I know I’ve written about this before, but it’s a good story so bear with me.
Last year, I decided to attempt to hack into my school. (I was a sophomore in high school at the time.) My goal? To control the security cameras.
I started researching the network, looking for clues partout. I live-booted and took restricted files, listened in to teachers and staff talking, photographed any official-looking document, did my fair share of social-engineering, visited each and every link on the school’s website, and so much more.
I compiled essentially a gigantic puzzle. By gathering all this info, I was eventually able to gain access to several accounts. From those accounts, I delved into the network, searching with my slightly-elevated privileges.
I found a few computers that weren’t quite locked down, and leveraged them for information.
I used an innocent-looking USB to grab passwords from a teacher.
It went on for 3 months, and eventually I gained access to the absolute highest level account in the entire school district.
This gave me access to everything. Cameras, reports, security protocols, maps, financial info, student info, and tons more.
This seems like a bad thing, but just remember that I deliberately didn’t use any exploits or harmful code. This was just me trying to get info in the least invasive way possible.
I will use this info to help secure the network. I’m planning to tell the tech guys when I get back to school about their gaping security flaws.
Merci d'avoir lu les gars!
Hack for good!
Mise à jour il y a 30w · Voté par
Mrityunjoy Kumar Samajpati, M. Tech in Computer Science & Computer Security (2009)
I had logged into my ex-GF’s gmail and facebook account using a simple trick
This I did I think in the year 2012. The reason why I had to do this is, my gf was not talking to me like she used to before. I had a doubt on her that she started disliking me and she may be in affair with someone else. But whenever I ask her about this she denies. Later one day some incident happened and situation dragged me to do such non-sense. I know in relation understanding is very important but I could not understand her.
We used to chat using cellular SMS and facebook messages on facebook website. I could see her online on facebook but she never replies to my SMS. One day I had created a fake facebook account of her close friend and then tried to chat with her. She replies to her but she doesnt reply to my messages (logged through another browser on same computer). One day I decided to hack her facebook account. But being an electronic engineer and software enthusiast just passed out from college, I was not having enough skill to hack.
Then something strike my mind to use this simple trick. I just tried for the first time. Went to gmail.com and tried forgot password with her gmail/email id. Tried with security questions.
- What was the first mobile number you used?
We both were together for around five years. During this period she had changed 2–3 sim numbers. But I had remember her first mobile number even after several years because she used to call me anonymously from this number with a different name and used to flirt and propose me. Tough we know each other before but never spoke to her before so I couldnt recognize her voice. This is how our love started.
2. Town? (Couldnt not remember exact question but some thing related to town or city)
This I tried with different option but couldnt succeed. Then I started recollecting old memories she used to say about her families. I tried with her mom’s native which didnt work. But later tried with her dad’s native which worked. And thats it I could enter her gmail account and continued with entering new password
I was going through few mails and chats but couldnt find anything. Since now I have access to her gmail account I decided to do forgot password on facebook and reset her facebook account as well.
What I saw killed me. As I doubted she was in love with some guy and she used to chat with her very often on facebook.
The same day we both supposed to meet. We met at a restaurant. She was sitting in the opposite table and I was starring at her constantly. we both were silent for few mins. Then I asked her “Do you love me?” She said “Yes offcourse”.
Tears started gushing in my eyes when she said this. I said to her “This is the last day we both will be meeting”. She asked me “why”. And I said because I know you love someone else. I said to her about everything what I did. She couldnt believe it. I said I will share you the new password.
Later we stopped talking to each other. Then one day she call me and asked me for the new password because she needed it to check some important email of her colleges.
The password was “stillloveyou”
I dont know whether this is so illegal. But interfering into someone’s privacy I felt is really illegal.
Edit1: Thank you all for your views, votes and comments. This was my first quora post. It flooded with enormous response.
David Shastry, Directeur de création | Powerlifter | Pilote | Consultant senior
Répondu il y a 39w · L'auteur dispose de réponses 251 et de vues de réponses 3.7m
At 13, I Phished My Classmates Without Intentionally Wanting To Do So
The year is 2004. I’m going to a private school in the foothills of the Himalayas. I’m a great student, my classmates and I share a great relationship, my parents love me, and I basically love all parts of my life. Ever since I was a little kid I’ve been drawn to electronics and computing. I ripped apart my toy cars to learn how motors work, clocks to learn about displays and micro-chips, and eventually computers. I built my first computer from components at the age of 7. At 10 I was learning how to write HTML/CSS. I absolutely loved technology and thirsty to learn more about it!
One summer I remember taking a trip with the family and on one lazy day I stumbled into a bookstore down the street from where we were staying. I loved to read as well, so I was having a great time at the store browsing their collection trying to pick up some new material. As I was walking down one of the aisles, I remember wandering over to the tech section and under a few piles of newspapers covered in dust I found a book on hacking. Even then I knew it was wrong, and that I probably shouldn’t pick it up, but my curiosity got the better of me and I ended up purchasing it without my parents knowing. Over the next many months I stayed up late to read the book and understand everything about the world of “hacking” (it was actually a terrible book), and it also came with a CD with sample scripts, trojans, etc. How this book was ever allowed to be published, I’m not sure, but it was in my possession and I loved it.
One day at school I was talking to a few friends and being my idiotic 13 year old self wanted to show off and told them I could hack into our classmates accounts. Obviously, they didn’t believe me; Obviously, I had to prove myself. The plight of every teenager ever. My credibility and honor was at stake! So again, being the fool I was, I went back home later that day and popped the complimentary CD with the book into my computer and copied over some scripts. I remember reading that keyloggers were scripts that could quietly capture information and send it back to me without anyone knowing. Point to note people, if it’s too good to be true, it usually is. Moving on, all I wanted to do was log in to a few peoples accounts and log back out to show off that I could do it. I never wanted to snoop or grab any information. Just wanted to show off that I had the power/knowledge/skill to do this.
So that’s what I did. The next few days I threw the keylogger script , onto a few machines at school. For those that care it was packaged into a crappy .bat that copied over the scripts to system32 and messed with antivirus definitions to prevent detection. We had mcafee at the time that threw so many false positives that basically every alert was dismissed. I assumed I’d be fine. The script had to be initialized on each machine, and it would email me logs of all the keystrokes. However, I had to specify the time that it would run the SMTP script. I decided around 8PM since no one would be around and the machines were always on. Since I realized what I was doing was questionable and I had to install this stuff fast, I bounced from machine to machine installing the malware. All in it was probably about 12 machines in the computer lab that I “bugged”.
A few weeks go by and I get the information I need. I log in to a few accounts and all my friends are supremely impressed by my skills and I just earned a ton of cred! I was over the moon! I forget about it. Little did I know that this house of cards would come crashing down on me shortly after.
I still remember, it was a Wednesday and I was sitting at machine #4 and two computers down from me on my left (a bugged one) was Matthew, a short blonde kid who was extremely smart but somewhat aloof. It was shortly after 8am. The schools computer labs had a lab supervisor, who was a glorified babysitter, but also an IT guy to keep us all in check and take care of any issues the machines may have had. Around 8:10am, Matthew called out to the lab supervisor and said something weird was going on with his computer. I didn’t hear it initially, but I remember the supervisor walking over and saying “hmmm.. that’s weird, what’s this?”. My ears perked up and that’s when the horror set in when I looked over and saw the black background and white text of a command prompt window. My mind started racing and I realized I’d messed up. In my rush I’d forgotten that the computer’s email script required 24 hour formatted time to run the SMTP job. I’d set it as 20:15 on other machines, but I guess in my hurry I’d set it as 8:15 on this one. My heart pounding, I walked over to the machine and I see the command prompt window with the batch file that had been interrupted by the supervisor. The last line had the recipient email address in it aka mine. It was spelled out for all to see. In that moment I realized I was screwed…
The following few weeks were hell to my teenage self. My parents went absolutely ballistic on me for potentially jeopardizing my place in school and my scholarship (rightfully so), I was suspended from school, I lost technology privileges for nearly a year, which meant no Google to write papers aka tons of library work, I missed some really cool field trips, and I was grounded till forever! I also had to show up for detention every Saturday and had to single handedly scrub, mop and shine our massive wooden theater stage floor. I was being crushed under the weight of my consequences!
Very valuable and precious lessons learned but I was later told it was so serious because I’d clearly phished my peers. Phishing was a very serious cyber crime and at 13 I’d committed it unintentionally. I was an idiot and I paid dearly for it. I now look back and laugh at it but at the time it was certainly no laughing matter. I’m just glad I got that lesson in an environment that was much more tolerant of my foolishness than out in the real world as an adult. I can’t thank the school administration, my parents and others around me for drilling into me the importance of cyber law and ethics.
As much as I couldn’t stand Matthew for ratting me out, I’m forever indebted to him for leaving me with a great story and an even more precious life lesson!
Répondu il y a 98w · L'auteur dispose de réponses 210 et de vues de réponses 426.1k
- It wasn't me, it was a friend
- It was a smartphone, not a computer.
My friend had a practice of going to Starbucks, sitting down, making himself comfortable, and using an app on his phone called D-sploit (RIP). He would do a very basic attack with the phone on the Starbucks WiFi network, called a man in the middle (MITM) attack. This would enable him to intercept any packets on the WiFi network, as well as redirect them. And redirect them he did, to sites that would make everyone in the Starbucks go red with embarrassment, while hurriedly closing their laptops and shoving their phones away hoping no one would see what kind of site they were just on. Ye, that kind of site.
The other thing I remember him doing, was finding open WiFi networks that belonged to printing machines. Most people didn't bother securing them, as they didn't give any internet access. So my friend, would download the appropriate app for the wireless printer, and would proceed to print out random pictures and articles in peoples houses. Imagine waking into your den and seeing no more ink in the toner, and a whole stack of papers filled with nonsensical articles and pictures.
I don't think he ever got caught, but he eventually stopped doing it.
Répondu il y a 100w
I was responsible for hundreds of thousands of dollars worth of stolen digital items.
TLDR: I wrote the Map Hack bot which dumped your Diablo 2 items onto the ground.
Je jouais Diablo 2, a PC game where players kill monsters to collect items which empower your character. It had a very-real in-game economy for players to barter using items of varying rarities and values. Diablo 2 gear had tangible monetary value, and were often purchased on eBay and other sites.
As with any open market, Diablo 2 had riche players, classe moyenne et pauvres players. The riche used their wealth to build more wealth, mostly through good trades. The classe moyenne did the “real work” of farming items, which they hoped would make them wealthy and seldom did. The pauvres were poor for lack of time spent understanding the system.
I spent hundreds of hours working my way from pauvres à classe moyenne by farming bosses in hopes of finding valuable items. But I wanted more, and I wanted it faster.
Like any 14 year old, I was very amateur with programming. Previously, I’d made little “prank” programs in Visual Basic which would run in the background to make the mouse jump around and confuse my poor mom.
It occurred to me I might be able to use this knowledge for a scam.
So, I wrote a VB program:
- Trouvez le D2.exe process and bring it to the foreground
- Open a player’s inventory
- Select their weapon -> drop it
- Select their shield -> drop it
- Select their helmet -> drop it
- Continue this process until their entire inventory is empty…
To get them to open it, I convinced strangers I had a working Map Hack, which had been banned/patched for quite some time. And people were assoiffé for it, which made it easier.
So I start telling people I have a working Map Hack, and I’ll only share Map Hack if they trade me some piece of gear in exchange.
They’d give me their e-mail, and I’d wait patiently while they opened my program. Within moments, their hard-earned gear would begin raining onto the ground while I scramble to pick it all up - then block the victim from contacting me further.
As you can imagine, this program spread like goddamn wildfire. Within months, the entire D2 community (hundreds of thousands of people) were aware of the program, if they hadn’t already been a victim.
My victims were creating their own victims, who in-turn created more victims. It was like a virus in the D2 community. Eventually I heard people at school describe how they were scammed by my program, without knowing I made it. They were devastated.
16 years later…
I still feel awful remorse for my actions. I can’t even imagine how much this must have hurt you when all your hard work was taken in an instant.
I stole from you. I stole from Blizzard, as undoubtedly it caused people to quit the game. I damaged the community we all loved.
If you’re reading this, and it happened to you - I want you to know how genuinely sorry I am. I would do anything to take it back. Nobody plays Diablo 2 anymore, and it’s unlikely anyone still cares about their items. But much like a bully and his victim, I never had any right to do to you what I did. If I hurt you by my actions, please accept my most sincere apology.
Répondu il y a 111w · L'auteur dispose de réponses 461 et de vues de réponses 643.9k
When I was living on Yokota AFB in Fussa, Japan as a child, I was a regular military brat at a DOD school. I just had a knack for technology. I was never a particularly good student. I skipped a lot of classes, and had absolutely abysmal grades. One of the last years that I attended Yokota High School, I had actually skipped an entire quarter of the school year.
At the time, DOD schools would just pass you onto the next grade. Sooo, no real incentive to try there.
My parents however, were less than thrilled with my performance.
It was nearing the end of the school year, and I knew what was coming. I also knew how to fix it.
YHS had just implemented a new system for grade management. Ran over Win 95, and was reliant on a fairly rudimentary BNC 10/Mbps network. Not even on Cat-5 yet. Absolutely no security, and with the advent of windows 95, scouring networks became quite easy.
The class logs were all stored in plain text, in a collective folder by grade on a share drive (possibly a tape drive, or an Iomega Zip at the time, I know it was SCSI), on the network. I’m pretty sure that whatever they used was just some specifically geared 16 bit MS-DOS Databasing software.
Once I found out it was plain text, I had a hayday. I may have gone a little far, considering the end of the year wasn’t done, and the teachers would look at said data while updating grades, and attendance, whatnot.
However, I nearly netted a perfect attendance award if it weren’t for those meddling kids!
Just kidding, I almost went to Prison.
Turns out, those school computers were considered property of the Department of Defense, and mucking around with them in the background is a pretty big crime. Even if it is for something as simple as changing grades and attendance.
I was removed from class by two OSI Officers, and questioned. My father arrived, shortly after, in uniform, and very pissed off. They explained the extent that manipulating government computer systems could be punishable by law (Quite frightening as a 14 year old) and explained to my father what could happen to him if my antics continued.
Nothing ever did come of it though.. I got punished, but fairly mildly considering I could have cost my father his career.
Next year, we had to sign a Computer Use Agreement at school though. Pretty sure I may have been the cause of that!
Believe it or not, next year in Typing class, I had the chance to verify that they hadn’t done anything yet to attempt to secure it. This time, I didn’t even have to use a teacher's computer after they left the room.
I used the one provided in class. On the network.. No security…. I think they wanted me to do it again.
Répondu il y a 66w
I was in school studying science for my +2. I was very tech savvy, and people around me knew about this. I was an intelligent student but was never inclined towards studies. So one fine day, an office staff saw me passing by and asked for help. His computer was not working properly and wanted some help. I fixed the issue. I dont know why I turned on network sharing on all the drives. I just did it for no intent or reason. Was just playing around may be. This was when I was in class 11.
All the computers were connected to a common network. After several days when I was working on a PC on same network, I found the office PC pop up on the network. I opened it and started browsing the drive I shared. I found lot of files related to student information, etc etc. On exploring further, I found some question papers on that computer. Little did I know that PC had such sensitive information. My heart was racing. I looked here and there to see no one is watching me. I navigated to my class folder and opened a subject. I was SHOCKED. I was losing my mind as what to do. I am not one of the honest types. But this thing was scaring me. Not wasting much time, I made a copy of the folder on my pendrive and left. Cleared the required network history. It was a different thrill that I was experiencing. So I used to keep checking that folder every few days for updates. And I used to get updated subject files.
Hence I became very overconfident for my upcoming exams. I did study but somewhere within me I was relying on those papers. As I had good rapport with teachers, and my friends knew that. Hence, I shared some hints with my close friends saying I got it from the teachers. On the day of my exam, I was really scared to enter the hall. As the first exam is English Language, so it was very easy to manage. As I got the paper, I found it is the same one I had. Though, English Language is not something one cheats on. I was feeling lot more confidant. And all the papers were the same as I had. Like all of them. I wrote well, results were good. I was happy. Not very proud but happy. I was amongst top few guys in class. All were amazed. I was not that good a student to deserve those marks.
As I was lot more interested in extra curricular, I skipped more classes, studied less. Again I was dependant on the same source for the finals. I repeated the same thing for the finals as I never studied throughout the semester. Finals were good. I was promoted to class 12. I strongly felt now I should study. I started studying. But then somewhere I knew I had that source. I cheated myself for the next 6 months. I got more involved in extracurricular than studies. I repeated the same for class 12 prelims. I was still thought that I would study for the boards on my own (As its a central paper). I did study but I was relying on the source.
I again wasted my time. It was pre boards and somehow this time the papers didn’t match. I did miserably in my exams. I failed almost all subjects. This was an eye opener. I had no more chances left. Next was the board exams. I started studying seriously. I put my best effort now. I wish I did this long back. And somehow I managed boards. I didnt to great, but they were ok. Not miserable. I was not interested in engineering. Also the fact that my base of science was very weak so it would be the biggest mistake to take up engineering. I wished to pursue an alternate career other than engineering or medical. I convinced my parents to allow me. I am doing that now. I am happy and satisfied. I earn okay. I don't starve.
Pros of what I did according to me : As I was too involved in extracurricular other than studies, it opened up my mind to think differently and not follow a rat race. I learnt a lot and helped be select an alternate career option. Even if I studied well in those years, I would not want to be an engineer. I got lot of experience during that time which is very useful to me in my career today.
I DO NOT endorse this act of mine nor encourage any other student to do something like this
Inconvénients: Getting a paper created a careless behaviour within me. I became over confident. I was not able to stop the temptation to do it again. I was just lucky enough to survive. What if I did not do well in the alternate career, just I would just be left with class 12th pass as a qualification with very average marks. Had I studied, I might have done better in life, you never know.
And yes, this is one incident of my life, no one knows. I just told one friend about it, and no one else. I wrote it on quora for the first time here. Again just want to say I am not at all proud for what I did.
PS: Writing on Quora for the first time. Please comment if there are any mistakes so I can rectify.
Répondu il y a 114w · Voté par
James Beland, CTO at Draconian Solutions, been building computers all my life.
I was a computer lab supervisor at college. Most of the job involved helping newbies print out their papers for class, kicking out game-players when people needed to do actual work, and helping people log in when they forgot their password.
That latter ability gave me a certain amount of power. I explored the limits of that power when things got boring.
The first thing I discovered was that I could change parameters like how many times you could be logged in. So I promptly increased my number to double digits. I logged myself into every computer in the lab, and created a program that looked and acted just like the network logon screens. In reality, they were recording every keystroke as people tried to log in. It didn’t take more than a few hours to accumulate several dozen logins. When people asked nicely for help, I “repaired” the computer and gave them access.
I used those, and gave myself more privileges yet. Within 2 days, I had faculty-level access. By the end of the week, I had made myself a sysadmin.
The primary thing I did was read e-mail. Most of it was the dull sorts of things you write e-mail about. But I also uncovered a lot of dirt on a lot of people.
What might elicit a shrug elsewhere was a BFD at an extremely conservative religious school. I knew who was sleeping with who, in a place where people had to keep their dorm doors open on the special days when the opposite sex was allowed over. I knew where the drinking parties were among people who signed pledges not to touch a drop of alcohol.
Some affairs I followed out of prurient interest. Some I took action on. I never planted anything, I just let their own loose lips sink themselves. Some e-mails got “accidentally” forwarded. Some people got caught with porn on their computers. (I didn’t put it there; I just laid clues for school administrators to find it.) There was a hasty resignation, and more that a few students wound up on probation. I didn’t bother the people who were kind to the lonely nerd who ran the lab … just the people that, in my opinion, had it coming. I never blackmailed anyone, either, although I uncovered some stuff that, in retrospect, I really should have just called the police about. Given some of the stuff that came to light years later, I wish I had.
After a year, that lonely nerd found a great girl, and my interest in picking through other people’s lives dwindled.
Be nice to nerds. They read your e-mail.