My School's Admin recently came to me and asked me to test the school's security. He promised me no actions would be taken for my exploits as long as I should him how I did them. This has become an awesome experience for me, I have learned so much and have also gotten a chance to teach him.

After finding a whole with file permission on the Local terminal's I went to him to talk about it. I assured me that he knew about this and it didn't bother him because if something went wrong he could always ghost the machines.

Any user on the network can delete any file that is not required by the system. (NT 5)

Well I'm working on showing him the value of Terminals. I planned on Stealing the Sam file from the local machine and brute forcing it.... But I need to think of a clever way to steal it.

I can use a boot disk, and get it from the server. But that is rather boring... So I sat down in vb and wrote a little program with one button that when pressed, it would copy the file. This got me thinking... writing a vbscript that when run it would check your username and compare it to a list of admin. If user was an admin, the script would send the file to a remote folder on a terminal. If the user was not an admin, it would use the outlook to spread to every user. To prevent it from spread out in the open, I would have it check ip address if the ip addres didn't match up, I would have it kill itself.

Well I guess I'm just looking for everyone's opinion. Or suggestions for creative ways to show the value of Terminals.