Potential Vulnerability

[limdis]

K I've got some experience in this. Here is what worked for me and some notes you might want to check into.

I assume all the computers are stationary/owned by the school correct? If so that will make things a lot easier to get some root action going. Somethings to keep in mind though that whatever you use you have to make sure it won't be picked up by the AV. If it is detected the moment of the first injection it will be logged under your account as the source of the infection and you will be questioned/lose your privileges. Besides the AV, the system I crept through would search 2-3 times a week (or on admin command) to scan the entire system for key words. This log was kept daily for internet use to catch those trying to view pronz. However, if you named the infected file (if you use a rat for example) something like, 'boobies' odds are it will be picked up and view specifically by an (or THE) admin. Now, where you first drop this is important. You don't want local machine C: drives, you want access to the share files. You can risk your own account and do this OR you need to figure out the map the teacher/driver share drive. Check computers closest to printers. A lot of times when they do repair work and instal drivers they will map to the drive and forget to disconnect it. In my experience these drives are not protected and if you know how to get to them anyone can access them. The library computers are good to check to because they are always locking up forcing diagnostic repair. It's my suggestion to be the prime location to get teachers and the admins to see it.
Now, school admins can be some prideful fuckers and they are usually stressed out by the central office (usually located at the board of education for example). So you must use tact when exposing any vulnerabilities lest you get slammed for violating your system user agreement. By acting like you found out something by accident at first can generally allow you to explain it without them getting mad. Then own them with your vast knowledge.

Want updates! I want to see how this goes for you!

[LoGiCaL__]

My advice would to be create a ransom type of letter with cut out letter from various newspaper/magazine articles to avoid a digital footprint and any chance of them comparing hand-writing styles. Possibly even gloves lol. Then just leave it somewhere in the admin office. This will initially get a lot of attention because well it looks like something more serious than it really is.

[WallShadow]

Ok, thanks for the advice everyone, but I want a few things clear:

1. I doubt I'll actually gain anything from making this a threat instead of a notification or a warning of a vulnerability.
2. If I do actually tell them, im not going to do this in person. I'm only considering this option because of the tormail thing.
3. School year hasn't started yet, and if i send them a message now, it'll probably just be fixed without any commotion or anything at all, which would be just sad. Seriously, who doesn't like to see someone they hate squirm?
4. I'm actually pondering the possibility of exploiting this. But that's still in the works. Nothing just yet.
5. The school is completely covered in cameras. the only things not covered by cameras are the inside classrooms and the bathrooms. Leaving a note somewhere, they could track me across ten different cameras and pin point me the second they find the note.

If I do do anything with this, I'll let everyone know. Thanks for the support everyone!

-WallShadow <3

[LoGiCaL__]

Ok, thanks for the advice everyone, but I want a few things clear:

1. I doubt I'll actually gain anything from making this a threat instead of a notification or a warning of a vulnerability.

I definitely wouldn't make it a threat. Just inform them or don't and be on your way. Also, I wouldn't follow through with it if you have told someone else that would be attending school with you for which should be an obvious reason.

2. If I do actually tell them, im not going to do this in person. I'm only considering this option because of the tormail thing.

That would be the worst possible thing you could do. So many times and mostly with these "letting the school know" situations people get caught up. Either getting suspended, expelled or fined or even a combo of the mix and making a way worse situation then really needs to be.

3. School year hasn't started yet, and if i send them a message now, it'll probably just be fixed without any commotion or anything at all, which would be just sad. Seriously, who doesn't like to see someone they hate squirm?

Well, this may make it a better time to let them know. I'm not saying you are, but don't just do this for notoriety. Aim for more a ninjaesc method. Go unseen for as long as possible. Whatever you do decide to do, don't mention one bit of it to anyone. People like to talk and one way or another I'd be willing to bet that it will end up coming back to bite you in the ass. Just not worth it.

4. I'm actually pondering the possibility of exploiting this. But that's still in the works. Nothing just yet.

It's good mental exercise and maybe a good test environment.

5. The school is completely covered in cameras. the only things not covered by cameras are the inside classrooms and the bathrooms. Leaving a note somewhere, they could track me across ten different cameras and pin point me the second they find the note.

If you go with the ransom note method (lolz) you could just mail it to the school with an attn: to the head of whoever is in charge of the IT department.

Good luck with whatever you end up doing.