WallShadow wrote:As for privileges, I don't think that it will pose any sort of problem. When a hapless student double clicks the .lnk on his desktop he will start the program with his own credentials and a clear reference his personal C: drive. It would take only a small compiled C++ program to write a few files to his user Startup folder so the next time he starts his computer, the rootkit can start collect any necessary information and then open up to an Inet address on the school network, listening for any possible instructions that I might send it's way. The network administrators wouldn't notice the additional traffic, I've done it before with simple chat clients with friends.
It would be simple to figure out who is who because our school usernames are always <first name><last name>. This even applies to teachers and administrators, something I just realized and will take into account while brute-forcing their passwords in the coming days.
The reason that I am not going to report this to the administrators under any circumstances is that they are the kind of IT guys that hate their jobs. They are NEVER excited to see students at their door, but I really can't blame them. You'd be surprised how poorly people can treat their school laptops. Broken screens, missing keys, missing touch-pen, or just blue screens are quite common for many students. If I come up to them, claiming that I can hack their school network, I'll find myself kicked out of their school faster than a rapist.
RiptideTempora wrote:Tormail.org -- Don't identify yourself.
WallShadow wrote:Ok, ok, assuming I will send them a message about this, what would I say?
"Hey guys, your server "A" is vulnerable because it is publicly writtable, you should fix it!" ?
Users browsing this forum: No registered users and 0 guests