Printable View
I think it’s about time schools stopped treating all students like juvenile delinquents and remove all security measurers form computers and put them back on if a student doesn’t act responsible. Respect gets respect. Security measures = challenge.
It’s easy enough to make two ghost images. One locked down tight and one not.
programs can also be run using the task manager
My school desided to password everything..
They have a program called deepfreeze that made me made in particular...
It just made it so you couldnt save to hard drive without it getting deleted on reboots, pretty much makes you save to your "student folder" on another networked drive.
Anyhow, there was a little dialogue box that you can open up to turn this program off. So i was messing around and for fun I tryed using the shortform for the school, KDSS, then the shortform of the regional board, BWDSB, well BWDSB was the password so i am in full control. Try the shortforms if you get passwords, they work well
Some people may loath programs like deepfreeze but I love em. At the college I’m attending it’s on all the computer and if you sit-down on one that’s screwed up you just pop the reset button and away you go. No waiting for the computer to be re imaged or fixing it you’re self. Also it helps prevent things like cookie stealing and keyloggers. Once I sat down at a school computer that didn’t have deep freeze on it and decided to take a gander in the cookies folder. There were hundreds of cookies for about every site you could imagine.
My school uses 2k Pro, and we used to be able to get to c:/ by a couple of ways :
1. Setting the browsers homepage to c:/ <---- soooo easy
2. making a VB prog that opened windoz explorer at c:. even do it in word
shell "c:/winnt/explorer c:",vbNormalFocus <-- from memory, could also get a command line from there by running command in c:/winnt
3. If they have turbo pascal on their computers, you can get a DOS command line from there which you can navigate freely around the disk.
good old getting around crappy school security
Im currently in Computer Networking Tech. and the samething is happening there. They threw up what they thought was a good security, like removing Command.exe and the screensaver and background. All I did was hit run and typed in Command and WHALA command came up. For the Background all I did was right click over a pic and changed that boring pic of theres into an awesome one. I told my teacher that his security technology really sucks and then showed him why, when I ran FDisk. Dont worry I didn't follow thru with the command, but it did open his eyes.
Wow, hey look, a anti security thread in a security site.
hmm. *rolls eyes*
Im on the other end of the spectrum. I have been charged with securing brand new dells in a public library. Some of the measures I have to take are absurd. These kids are so bad that if they cant maliciously tamper with the machine they resort to physical damage.
However if they have free reign of the machine, they think it funny to find the most offensive sites they can, turn the speakers up and run obsence videos, musical songs, and anything else to proove how "cool" they are.
Since the library is under federal funding the answer isnt just throw them out - you cant.
the federal funding says free and unobstructed access to net content.
then we have the crowd that is over 18 that does the same things.
they loved to save to the hard drive, again the most obscene filth they can etc.
My point here is, as SOME places SEEM to go nuts with their security, a lot of them really have a reason. yes, ghosting would be good there... but Im not there nearly enough and they dont know anything about it.
A lot (not all) of the threads here are kiddies passing back ways to "hack".
I think that we need to end this thread...as I dont see anything of real value coming from it.
I'm sure you could use arbitrary code injection to kill fortres101 process' ?
Someone correct me if i'm wrong- If you can run an APP (via, ie>> "a:\app.exe") then you can most likely gain admin rights on that local pc. Questions/ COmments? Again- i restate that i may be incorrect. :-)
SAP training centers in the past locked you out of the drives and block the run option -to get around that you open winword and clicked open. In the open dialogue you would find the file in question (ie explorer.exe) right click and select send to command line. I think this was done on the NT systems -its been awhile.
Cheers,
-D
IMHO: security should be as max on school computers as possible. Why? Because there is such a huge number of dumbass idiot kids who think that because it's a school computer, it's their's to screw around with. I can't tell you how many times I've had to fix high-school computers (as a student tech) because someone was dicking around with it. Not to mention the p2p programs (kazaa, morpheus) which install spyware and other things, viruses, and of course, programs. Not to forget about BO and the like which then could mean the computers could be a part of a DDOS attack somewhere else. What happens? The school gets sued or has charges pressed against it by the victimized party and **** goes downhill from there. All because a student (or a few) decided to "have some fun"? Screw that noise...
No: the shatter attack makes priviledge escalation possible ONLY if the app in question is running under a priviledge account (system or administrator).Quote:
Originally posted here by tampabay420
I'm sure you could use arbitrary code injection to kill fortres101 process' ?
Someone correct me if i'm wrong- If you can run an APP (via, ie>> "a:\app.exe") then you can most likely gain admin rights on that local pc. Questions/ COmments? Again- i restate that i may be incorrect. :-)
As for the whole security thing, the way I see it, I don't care if students are able to get to a command prompt on the comptuers in my labs because NTFS (and registry) permissions are set intelligently on win2000. So they might browse arround but most likely cannot do much harm... Also, using group policies, you can restrict most/all "potentially dangerous" functions...
As for students playing or using other apps during courses, I pretty much leave that up to the teachers... hell, they're not paid to sit there and do nothing during computer lab periods...
Ammo