Cheat Engine

[Polynomial]

At college, they use an application called HDGuard which restores the hard drive to its original state every time you boot the PC up. This stops the kids messing with the settings and screwing it all up. However, the downside is that it eats up a good 60% of CPU cycles most of the time, and causes the hard disk to crunch away all day. To get into the control panel of the config utility you need a password.

So I load up OllyDbg off my pen drive and debug the application, and produce a patch (single JNE replaced) that simply allows any password to be entered. In the process of doing this, I noticed that they used the complete genius method of storing the password - as a freaking unobscured string in the executable image. Now I have their administrator password for the entire application. So I launch the program, and disable HDGuard on my machine. Best part is that when it's disabled, it won't re-enable automatically because the service no longer kicks in at boot. All well and good.

I looked through the HDGuard folder in Program Files, only to find "HDAdmin". What's this? I run it, and it asks for a password, so I type in the one I just got for the config page. It lets me in (*facepalm*) and takes me to a network configuration panel for HDGuard. I was presented with options to apply ANY configuration I liked to ANY machines on the entire college network. This is somewhat scary. I looked into it a bit more, and it turns out that the remote commands for this window are scripted in a config file that is in C:\Windows\System32. Now normally we can't get at C:\Windows, because HDGuard prevents it. But it's not running. So I look in the file. The commands are simply paths to executables with varied parameters! Now I'm thinking... wait, I _own_ the whole network?

I figured what the hell, I'll give it a go. I altered the script to add a new command called "Ping Google", with the command "cmd /C ping google.com". I closed HDAdmin and re-launched it, and there it was - ping google. I chose the machine a few seats down - which is pretty easy to identify as the tech guys write the last octet of the LAN IP of each machine on the side of the box. Next thing you know, the girl sat there is looking confused because a command window just popped up, pinged google, and disappeared. Now my blood is pumping. I at least have control of the subnet on which I run HDAdmin.

Next I find the IP of the server that hosts student's private directories. All I had to do is look in Explorer for the network share, then ping the name of it. There's no way this'll work, but I figure I'll give it a go. To see what would happen, I ran an instant reboot of the server - a simple "shutdown -r -t 00 -f" command. The network share dropped, and so did my jaw. How freaking dumb are these people!? They run the HDGuard client on their server and allow remote commands!?

Now I'm getting worried, because I just rebooted a college server from a machine which I'm logged into with my own username/password, whilst CCTV is pointed right at me. But hey, I'm done with my HND so what's the worst that could happen.

I waited for the server to come back up and wrote a quick C# application that acted as a remote shell. I put it on my shared folder, then used HDAdmin to copy it onto the server's C drive and run it. I opened up telnet, connected, et voila - I have full access to the server. So I start digging around. Here's what I found:

1) They have a folder containing MP3s of EVERY phone call that comes into the switchboard. I grabbed a few and listened in, but it was boring.
2) Several students have porn on their shared drives.
3) They're using McAffee Anti-Virus on the server. Hahahaha... *dies laughing*
4) The admins keep an MS Access database called "students" in My Documents. I'm seriously lol'ing.

So I figure I'd take a peek at the database. I copied it onto my user directory, and opened it up in Access. No password. It not only contained the name, date of birth, address, phone number, student ID number and national insurance number for every student in the college, but also a flag stating login accounts that hadn't been activated. An unactivated account is what our college calls login names that haven't been logged into yet, which still have the default password (6 digit format date of birth). This is seriously worrying. I now have access to their server, every machine, and piles of other user accounts. I logged out and tried one, sure enough I got into it and was prompted to change my password from the default.

I'm so tempted to just anonymously email them this, and explain how freaking stupid they really are.

[kls85]

While their methods of security may be weak, but as a college student, you should have the proper respect not to breach a school's database even thought you know how to do it.

What does this tell all of us?
1. You felt you're a genius so you have to post a topic
2. In reality your just like a 13 year old immature kid.
3. You have never worked in IT where managing hundreds of computers is a highly stressful job especially from those doesn't know shit.
4. Who don't give a fly fuck as to what you have done.


Congrats for your successful idiotic attempt at cracking into the school's computer systems.
You want a e-cookie for your reward?!

They should have used MS steadystate and it's free.

[iTz SWAT]

Nice. Don't email it to them or else they are going to upgrade there system and disable much more shit. If you want to do the right thing, then copy everything u want on a USB, but never touch it unless an emergency happens... If you want to be a bad boy then 1337 Haxor everything, but back it all up...
What ever you do, don't notify them, and try find a PC away from any CCTV, and away from other teachers etc...
If possible connect a laptop/net book to the network.
Oh and never tell anyone including your bestest friend, they would want to know how, and they'd want a user and password... Then they'd tell their 2nd best friend...

[Polynomial]

[Jani]

[Polynomial]

I started off in BASIC, moved to VB6 when I was 9. Tried a bit of C++ at that time, but I didn't really use it that much until later.

After that... VB.NET, C#, C++, C, PHP, XHTML/CSS, Javascript, Java, a little Delphi, some ASM. I suppose you could class SQL as a language too. I've learnt plenty of web technologies too - AJAX, SOAP, XML, XSL, ActionScript (Flash), etc.

[Localhost]

[Slugsnack]

if this is true you were very stupid for doing it all on your own login..

[kls85]

Sure you know how to crack into a school's system, but what is the point of doing so and if your mind is actually the same age as your physical body then we all expect that you have a greater sense of responsibiity and control over your urges.

While in this forum, no one really cares too much, but I do hope your actions you presented here isn't presented in the real world where young kids look up to you as a role model.

[educofu]

:O holyshit, im 15, im learning C++ now, and i wonder how the fuck could someone learn anything at 9...

bullshit or Autism... i think its bs.

[steohen2]

interesting experience all i have to do at school, is open up notepad put some codes in it target main_root save it as .bat
run it and bam i shut down all pcs in my school >_>
but hey im 16 with barely any experience

[Slugsnack]

[Haswell]

I don't give a shit about his programming experience, nor do I care. I do care about what he's capable of, and that's all I need to know. It's about satisfying one's curiosity, as well as sharing our knowledge.

Burningmace, good job.

[Polynomial]

[Zcythe]

Well it's the schools fault for having such crappy security, and also come on people he didn't really alter or cause damage. Very entertaining, and kudos for not tearing up that schools system, it could have gone a lot worse if that power got into the wrong hands.