Login LOGIN WITH FACEBOOK Register LOGIN TO REMOVE THE ADS


Scroll me back to the top !





[ HOT ] How to Hack Your School Grading System [ Change your grades! ]
Author Message
princeshama Offline
Member
Posts: 141

Reputation: 0
Thanks received: 10
Thanks given: 0
HackCommunity Coins: 209
Post: #1
[ HOT ] How to Hack Your School Grading System [ Change your grades! ]
Hello everyone, as it seems that a lot of you guys seem to be in high school and want to be like the "War Games" hackers I figured I'd write a tutorial on how to steal logins for online grading systems.

If you're school still uses paper to write down and keep track of grades this tutorial is not for you!

Please remember to be careful with this information, this is not for you to use only to understand that this is a posibility Wink


Step One - Understanding Some Basics (Skip this if you don't care what's happening behind the scenes)
Now you've got to understand some basics about how computers communicate on a network (if you are familiar with this and have a general understanding of how TCP/IP works then skip this section as it is only for those who want to learn what's happening behind the scenes!)

I'll try to cut down on most information!

So basically every computer on a network has an IP address be it "192.168.1.101" or "10.0.0.10" that is your IP for your computer on your current network. This is your computer's "address" much like every house has a mailing address to receive postage!

So basically all the computers send information through the "router" or "switch" which passes it on out to the internet and vise versa. The router broadcasts it's address to every computer on the network and says "Hey everyone! I'm 192.168.1.1 and I'm your default gateway! Send all your requests through me and I'll serve you!" and all the computers happily send their requests through the router.

But what if someone lied about being a certain IP address?

In an ARP cache poising situation, this is exactly what a hacker would do.

Hacker's Computer: "Hey 192.168.1.1 (router)! I'm 192.168.1.100!"
Router: (Didn't ask, but accepts this information) "OK thank you I'll send future data your way!"
Hacker's Computer: "Hey user 192.168.1.100 (Vlictim)! I'm you're router!"
Vlctim's Computer: (Didn't ask, but accepts this information) "OK thank you I'll send my requests through you!"

Now the hacker has places himself in a very great position! He is now a "proxy" or a computer that both the router and the vlctim must push their information through.

So now if the vlctim wants to visit a webpage all of his data is sent through the hacker's computer and on to the router and vise versa.

The advantage here is now the hacker can read everything the user is doing online.

The problem
The main problem with this is that most sites that do "Online Grading" encrypt their data before sending it to the router so that this attack is thwarted.

The solution
Using software like "Cain & Abel" you can get around this problem. This is done by spoofing the SSL certificate for the vlctim, however this can not be done completely as the vlctim will get a "SSL certificate error" warning message. Luckily in the most used version of Internet Explorer this message is just a simple "blalla error, click here to continue" and most users just ignore this and click ok. Now they are connected to the website but you can still see what they are doing!

Congrads, you now (kinda) get how an ARP Cache Poising attack works & SSL Spoof attack.

Step Two - Starting out (If you skipped step one you're a bad person!)

A nice warning you'll be doing all this on a school computer, please be careful not to get caught (what if someone actually knows what you're trying to do?! Oh noes!)

No you're going to need to install Cain & Abel for doing this attack! This is a Windows hacktool with all sorts of fun built in!

{{{DOWNLOAD HERE}}}

Great! Now install the thing (I'm not going to hold your hand on this as it's really straightforward, just say yes to installing everything)

Eventually you install everything and you start up Cain, please be sure you've allowed it internet accept if Windows prompts you for it.

Now, you're going to need to click the sniffer button in the top left corner. It's looks like this

[Image: y77qq10.png]

This has started the "sniffing" process where your computer will capture any traffic that it sends/receives. At this point this is only the websites you visit but you want to see everyone else's internet activity aswell!

Step Three - Gathering vlctims!

Now we are going to get a list of all computers currently on the network so we can poison them.

To do this go to the sniffing tab as show below

[Image: 71kavl10.jpg]

Now you've got to start the ARP Cache poising. Click this button

[Image: 312.png]


Great! Now you need to select some computers to poison.

Click the "+" button to add some computers to your list

[Image: 411.png]

The following box will pop up

[Image: 511.png]


The default settings are perfectly fine, so scan everyone on your current subnet (which means everyone who's behind the same router/switch as you)

Wait for it to finish scanning, once it's done move on to the next step.

Step Four - Poising some ARP Caches!

You are now going to direct everyone's traffic through your own computer so you can see what they are doing and steal their online passwords!

Click the following tab: (Bottom left)

[Image: 611.png]

Now click the Click the "+" button to add some computers to your list of to poison

[Image: 711.png]

This window should now pop up

[Image: 811.png]

Now you're going to want to select the first IP address on the left, this is the router address so you can capture all data being sent to the router.

Then select EVERYTHING in the right column.

(Read the warning in the image above about selecting to many vlctims to poison!)

Then click "OK"

You are now intercepting all data on the network! Pat yourself on the back! You're screen should look like this

[Image: 911.png]

Step Five - Viewing intercepted data

Great now that you're intercepting traffic you're going to want to view all the passwords you're stealing!

Click this tab: (Again, bottom left)

[Image: 111110.png]

Now you see the following

[Image: 33311110.png]

Those are all of the different types of passwords you're currently capturing!

Since you're trying to get the online school grading passwords, click the "HTTP" section.

Now you can see all the passwords you're capturing in realtime

[Image: 1011.png]

Wow that's cool! Now just wait until a teach logs onto the online grading system and you've then captured their password!


Important - Read this
Something important to remember is that Cain is currently only capturing password data that it recognizes. It may not understand what data is a password and what isn't.

You can specify what you want Cain to capture by clicking the "Configure" button at the top:
See this link for image: {{CLICK HERE TO SEE}} (max number of images in thread is 15)

You should see the menu below, go to the "HTTP Fields" tab and select everything in the top column and "Removal all" do this for the bottom section to

[Image: 1111.png]

Now you need to know the field names for the username and password of the school grading system. Go to the grading login page (if you don't know the URL just grab it from the data above).

Now you want to view the source of the page (Ctrl + U in Firefox)

Look for something like this

Code:
<input name="txtTeacherUsername" id="txtTeacherUsername" size="18" value="" class="gaia le val" type="text">

  <input type="hidden" name="txtTeacherPassword" id="txtTeacherPassword" size="18" value="" class="gaia le val" type="text">


As you can see the two fields are "txtTeacherUsername" and "txtTeacherPassword"

So now go back to Cain and add those field names in by inputting the field names and clicking the plus button

[Image: 1211.png]

And click "OK"

A nice little warning is that anyone who is connecting to a website via SSL will see this most will just click to continue

[Image: 1311.png]

Congrads! You are now capturing only the school grading system logins (unless multiple websites share the same field name!)

Then remember the logins, go home (hide behind a proxy!) and login on the website and change your grades

say thankx by - Ms
(This post was last modified: 11-15-2013 05:11 AM by princeshama.)
03-03-2012 11:00 AM
WEBSITE SEARCH QUOTE
The following 1 user(s) thanked this post:
Jingjue
The Alchemist Offline
Cult Of Personality
Posts: 989

Reputation: 119
Thanks received: 209
Thanks given: 307
HackCommunity Coins: 825
Post: #2
RE: [ HOT ] How to Hack Your School Grading System [ Change your grades! ]
Nice one dude.... Hehe... Changing my grades...
03-04-2012 04:19 PM
WEBSITE SEARCH QUOTE
clezybusiness Offline
Member
Posts: 147

Reputation: 0
Thanks received: 6
Thanks given: 0
HackCommunity Coins: 39
Post: #3
RE: [ HOT ] How to Hack Your School Grading System [ Change your grades! ]
nice tutor.......will try it sometimes
03-06-2012 02:48 AM
WEBSITE SEARCH QUOTE
Reverence Offline
HC's Beatboxer
Posts: 487

Reputation: 0
Thanks received: 28
Thanks given: 0
HackCommunity Coins: 215
Post: #4
RE: [ HOT ] How to Hack Your School Grading System [ Change your grades! ]
I have a question. Do you need to install this program on a school computer? If so, is there anyway that you can somehow link the school computer to yours?
03-06-2012 02:59 AM
SEARCH QUOTE
princeshama Offline
Member
Posts: 141

Reputation: 0
Thanks received: 10
Thanks given: 0
HackCommunity Coins: 209
Post: #5
RE: [ HOT ] How to Hack Your School Grading System [ Change your grades! ]
yes u need to download this program but its for education purpos only do not try for illegal work thankx
03-06-2012 10:51 AM
WEBSITE SEARCH QUOTE
moroaddict Offline
Member
Posts: 130

Reputation: 3
Thanks received: 39
Thanks given: 0
HackCommunity Coins: 88
Post: #6
RE: [ HOT ] How to Hack Your School Grading System [ Change your grades! ]
nice one!!!....i'll need better grades to enroll on college....thanks ^^ <3
03-07-2012 07:21 PM
SEARCH QUOTE
ruifcp Offline
Member
Posts: 8

Reputation: 0
Thanks received: 0
Thanks given: 0
HackCommunity Coins: 0
Post: #7
RE: [ HOT ] How to Hack Your School Grading System [ Change your grades! ]
*-* me gusta ( evil laugh)
03-08-2012 02:28 AM
SEARCH QUOTE
TheNiceUb3r Away
Member
Posts: 110

Reputation: 0
Thanks received: 0
Thanks given: 0
HackCommunity Coins: 45
Post: #8
RE: [ HOT ] How to Hack Your School Grading System [ Change your grades! ]
Wow man very very detailed
thank you for this
03-08-2012 02:35 AM
WEBSITE SEARCH QUOTE
princeshama Offline
Member
Posts: 141

Reputation: 0
Thanks received: 10
Thanks given: 0
HackCommunity Coins: 209
Post: #9
RE: [ HOT ] How to Hack Your School Grading System [ Change your grades! ]
ur welcome thaknx for like this
03-08-2012 10:09 AM
WEBSITE SEARCH QUOTE
oganmicheal Offline
Member
Posts: 11

Reputation: 0
Thanks received: 0
Thanks given: 0
HackCommunity Coins: 0
Post: #10
RE: [ HOT ] How to Hack Your School Grading System [ Change your grades! ]
what is the procedure of hacking ust.edu.ng it's an asp site, but couldn't get the admin page and couldn't hack it. Any idea?
03-22-2012 12:48 AM
SEARCH QUOTE
saiMaesto Offline
Member
Posts: 2

Reputation: 0
Thanks received: 0
Thanks given: 0
HackCommunity Coins: 3
Post: #11
RE: [ HOT ] How to Hack Your School Grading System [ Change your grades! ]
I haven't tried yet, but what if the school computer blocks you from installing the program Cain and Abel?

What do I do then. There are no computers in my classroom, but in the library. So, can I still get the IP address of my teacher from there or not? What do I do if my classroom has no computers? Can I do this anywhere?

How would I get caught doing this. How will the administration or teachers catch me doing this. Is there a high risk of getting caught?
04-10-2012 01:08 PM
SEARCH QUOTE
Circle Offline
Member
Posts: 3

Reputation: 0
Thanks received: 0
Thanks given: 0
HackCommunity Coins: 4
Post: #12
RE: [ HOT ] How to Hack Your School Grading System [ Change your grades! ]
This is a great tutorial, you can also do this on linix with ettercap by the way. Also, other than the message about the untrusted certificate, is there any way the network admins could know you're doing this?
04-11-2012 02:26 AM
SEARCH QUOTE




Possibly Related Threads...
Thread: Author Replies: Views: Last Post
TUTORIAL How to hack any computer with cybergate ultimate tutorial asadxeo 19 3,115 Yesterday 04:01 PM
Last Post: chmod
Solved -  Enter [removed for censor] . net without any proxy/VPN CrackeRR 2 48 04-15-2014 01:15 PM
Last Post: Geoff
[Mega Thread] How to Hack FaceBook,Gmail and yahoo ID by Backtrack Phishing? HrDe 23 3,273 04-06-2014 02:33 AM
Last Post: kustomrtr
How To Hack A Computer With Just A IP harnoor 80 8,774 04-03-2014 03:36 PM
Last Post: ralf93
How To Hack Facebook Account Using Desktop Phishing soldi3r 61 7,023 03-29-2014 04:48 PM
Last Post: GhettoPrince
TUTORIAL How to Shutdown Computers at School Remotely harnoor 16 907 03-26-2014 07:32 AM
Last Post: Psycho_Coder
TUTORIAL Hack a website using WebCruiser [Highly detailed with pictures] dR.0xYw0Rm 117 6,103 03-20-2014 01:29 AM
Last Post: chmod
How to hack Facebook accounts || Top 5 Ways in 2013 & 2014 Legolas 58 9,403 03-06-2014 05:04 AM
Last Post: eRoHsIk dInG
Hack a website using SQL Injection - step by step guide Legolas 12 773 03-05-2014 07:28 AM
Last Post: 756dk
TUTORIAL [SQLi] So you thought your login system was secure? shp0ngl3 3 251 02-23-2014 01:04 PM
Last Post: Legolas