Good way to demonstrate exploit to school?
My school's IT security is shit, always has been. This week is my last week at school, so I plan on demonstrating the exploit to my ICT-professor. The school blocks all .exe files from being saved to the hard drive, other than those that are whitelisted. One of the whitelisted .exe's however, is Gamemaker 7. This means it is very easy to embed a .exe file in a .gmk file (which will not be automatically deleted, unlike .exe files), and load it directly into memory. I've used this to run emulators on school computers when I was bored, however it could be used for malicious purposes. What would be a good program to demonstrate this vulnerability? Preferably something that doesn't actually [I]do[/I] damage, just makes it clear that damage [I]could[/I] be done.
[QUOTE=onebit;47556652]Run an emulator.[/QUOTE] this, also is your IT like really spastic about this shit? My primary school tried the same tactic and some smartass somehow was smart enough to get around that and inject a virus which wrecked the entire school's internet infrastructure
Why do you care about your school's security?
[QUOTE=download;47556686]Why do you care about your school's security?[/QUOTE] I just thought it would be a nice thing to do...
I showed an exploit to my teacher and got a sticker. [editline]19th April 2015[/editline] Alternatively you could do what I did with the 2 other exploits I found and exploit them, then get your computer access removed when they trace it back to you because it turns out your maths teacher is actually the head of e-safety in the school despite not knowing shit about computers.
[QUOTE=rakker;47556697]I just thought it would be a nice thing to do...[/QUOTE] But then you won't be able to run emulators at school any more. They might even completely remove game maker.
As a wise deputy-principal once told me: "It's not an exploit if no one exploits it" [editline]19th April 2015[/editline] But seriously just tell a teacher, it will work out best for you.
[QUOTE=Handsome Matt;47556708]Don't; I got a criminal record for showing my concern of security of my personal information.[/QUOTE] Care to elaborate?
Honestly, the best course of action could vary from country to country, just don't get yourself arrested.
I'm from the Netherlands, and basically I should not do anything about this?
Don't demonstrate the exploit, just point out the flaw to someone who can do something about it. If nobody wants to listen, then don't be the good samaritan that gets fucked over
[QUOTE=Handsome Matt;47556816]I showed my IT department an exploit in their network where students' information could be accessed on an Apache indexed page on a public HTTP server. They escalated it to the head teacher probably embarrassed at their fuck up, made me out to be some leet hacker who was going to sell all the students' information to paedophiles (I'm not exaggerating, this is what they said) - suddenly police are involved, whenever I try to argue my case or explain any of it to the incompetent idiots I was threatened with more harsh actions: expulsion, court, it was a long time ago. In the end I managed to settle for just a warning on my record and 6 months community service - so fuck them, whole system is run by fucking idiots.[/QUOTE] yeah, for real, most school districts have an incredibly strict no tolerance policy for any sort of hacking, even if it's only to showcase it. teachers have no idea how to do anything IT wise so everything looks like you're about to pull some serious 90's hacker movie bullshit on them. a guy i knew got suspended from school for unplugging a VGA cable from the monitor once.
[QUOTE=Joeyl10;47557336]yeah, for real, most school districts have an incredibly strict no tolerance policy for any sort of hacking, even if it's only to showcase it. teachers have no idea how to do anything IT wise so everything looks like you're about to pull some serious 90's hacker movie bullshit on them. a guy i knew got suspended from school for unplugging a VGA cable from the monitor once.[/QUOTE] When I was in primary school one of my teachers accused me of hacking for playing a prank by switching the keyboards and mouses around on two computers so when you moved the mouse on one computer it moved the cursors on the other computer.
Told my teacher today (last time I'll ever be inside that school) and he was grateful, so all is good.
[QUOTE=Handsome Matt;47556816]I showed my IT department an exploit in their network where students' information could be accessed on an Apache indexed page on a public HTTP server. They escalated it to the head teacher probably embarrassed at their fuck up, made me out to be some leet hacker who was going to sell all the students' information to paedophiles (I'm not exaggerating, this is what they said) - suddenly police are involved, whenever I try to argue my case or explain any of it to the incompetent idiots I was threatened with more harsh actions: expulsion, court, it was a long time ago. In the end I managed to settle for just a warning on my record and 6 months community service - so fuck them, whole system is run by fucking idiots.[/QUOTE] the fuck.. :(